2FA bypass by reading the documentation

This is a fairly simple and short writeup, but i think is worth sharing, so lets get started.

This program is private so i will be redacting most of the information from it.

Like any other website, my program has a 2fa implemented, and their implementation is pretty good too. So i started reading the documentation. Most of the api functions requires api key for authorization

And this api key can be only obtained in the web client after logging in which require a 2fa verification. However, while reading other api functions, i found one odd api method.

Unlike the other api methods, it doesnt use the api key for authorization. Instead, it uses a basic authentication stated by the -u and only requires the email and the password . After trying it out myself, the request succeeds without the 2fa verification.

This is fixed now and is accepted as low since it requires knowing the credentials of the target and only one api method is vulnerable but still interesting for me nonetheless.

Thanks for reading, Join the Bounty Hunter Discord Server: https://discord.gg/bugbounty

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Exploring Internet Privacy and How It’s Handled (Post #1)

AuroraFS

DHTL Token: Use cases

7 Deadly Online sins Part 1

How I got access to 25+ Tesla’s around the world. By accident. And curiosity.

Best Safari Password Manager

Black Hat and Def Con 2019 thoughts

How is AI being used to fight against cyber attacks?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Brandon Roldan

Brandon Roldan

More from Medium

How We “Forced” Our Client To Fix A Low Severity Security Bug And Still Got Appreciated!

Burp Suite Tool — Overview and Usage

Attacking IBM MQ — SWIFT to Steal Money$$$

HackTheBox: Previse