Admin Panel Accessed (OAuth Bypassed)
Critical
Mapbox
Team Summary
Official summary from Mapbox
On December 4, 2017, @aneeskhan reported an authentication bypass vulnerability on a Mapbox internal portal. The vulnerability allowed them to bypass OAuth authentication and generate a valid session for the site. This session was then used by @aneeskhan to access information on the portal which required authentication. Using the details provided by @aneeskhan, Mapbox fixed the session-handling code within its portal software, preventing failed OAuth authentication attempts from generating valid sessions.
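The summary does not describe the portal's code, so the following is an added illustration, not Mapbox's implementation: one hypothetical way a failed OAuth attempt can leave a valid session behind, next to a callback that creates the session only after the flow has succeeded. All names (`exchange_code`, `callback_vulnerable`, `callback_hardened`, the in-memory `SESSIONS` store) and the sample values are assumptions constructed for the example.

```python
import hmac
import secrets

SESSIONS = {}  # session id -> session data (in-memory store, constructed for the example)

def exchange_code(code):
    """Hypothetical stand-in for the identity provider's code-for-token exchange."""
    # Constructed data: only this one authorization code is accepted.
    return {"user": "alice@example.com"} if code == "good-code" else None

def callback_vulnerable(params, expected_state):
    # Flawed pattern: the session is created before the OAuth outcome is known
    # and is returned to the browser whether or not authentication succeeded.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": None}
    identity = exchange_code(params.get("code"))
    if identity:
        SESSIONS[sid]["user"] = identity["user"]
    return sid

def is_authenticated_vulnerable(sid):
    # Flawed check: any known session id counts as logged in.
    return sid in SESSIONS

def callback_hardened(params, expected_state):
    # Reject provider-reported errors and mismatched state before doing anything else.
    if "error" in params:
        return None
    if not hmac.compare_digest(params.get("state", ""), expected_state):
        return None
    identity = exchange_code(params.get("code"))
    if identity is None:
        return None
    # The session exists only once an identity has been established.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": identity["user"]}
    return sid

def is_authenticated_hardened(sid):
    # A session is valid only if it is bound to an authenticated identity.
    session = SESSIONS.get(sid)
    return bool(session and session.get("user"))
```

Checking for a bound identity on every request, as `is_authenticated_hardened` does, also rejects any identity-less sessions left over from the flawed callback.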
Reported by
anees_khan
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$4000.00
Submitted
Weakness
Command Injection - Generic