You do not need to run 80 reconnaissance tools to get access to user accounts

Information Disclosure

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked.