OAuth changes, MCP Authorization, & PKCE Downgrades (Ep. 169)

Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast, gr3pme walks through what OAuth 2.1 actually changes for attackers, covering the MCP auth spec, token pass-through in agentic workflows, and four CVEs that illustrate where the bugs are landing.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab: https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.i...

====== This Week in Bug Bounty ======

Intigriti is providing free Burp Pro for Hackers! https://www.intigriti.com/blog/news/i...

====== Resources ======

Django-allauth Account Takeover (ZeroPath Audit) https://zeropath.com/blog/django-alla...
CVE-2025-4144: Cloudflare Workers PKCE Bypass https://github.com/cloudflare/workers...
CVE-2025-54576: OAuth2-Proxy Auth Bypass https://zeropath.com/blog/cve-2025-54...

====== Timestamps ======

(00:00:00) Introduction
(00:02:16) OAuth 2.0 Standards
(00:12:08) Agent to Agent Communication
(00:17:19) CVE Case studies