BugUnstuck

Trusted extra eyes for stuck bug bounty findings

Auth Bypass | Bugcrowd | auth0 | self-registration | finance-backoffice | oauth | escalation | OPEN

Open OAuth self-registration grants access to internal finance backoffice

Global payment infrastructure company. The QA subdomain of their finance portal uses Auth0 with open self-registration enabled. Creating a new account via the standard Auth0 signup flow grants immediate access to an internal finance backoffice dashboard. Navigation, partial data, and internal tooling are visible. Currently rated P3 under review. I need help with: (1) enumerating what finance operations are accessible from the dashboard, (2) determining if the QA backoffice shares a database with production, (3) building a stronger impact argument to escalate from P3. Need someone experienced with Auth0 misconfigurations and fintech backoffice assessment.

by s3nt1n3l | 3/18/2026 | Confidence: 78/100 | 140 views | 2 interested