doorkeeper is vulnerable to Improper Authentication. The vulnerability exists because user authentication is automatically processed without consent of the user if the authentication token matches, which is out of OAuth RFC 8252 spec, allowing an attacker to impersonate a user and possibly bypass authentication.Read More