2FA Bypass

cool 2fa bypass tips i saw

1. Response and Status code Manipulation

  1. 2FA Bypass Via Reset Password

  2. Clickjacking on 2FA Disable Feature

  3. CSRF on 2FA Disable Feature

  4. 2FA Code Reusability

  5. 2FA Referrer Check Bypass : Sometimes the server check the Referrer Header to see if you came it from an authenticated url(page) or not

  6. 2FA Code Leakage in Response

  7. Missing 2FA Code Integrity Validation : here the server check if code correct or not , not validate which user made the request

  8. 2FA bypass by sending blank code

  9. Password not checked when disabling 2FA: when asking for Password , enter wrong password and forward the request

  10. Enable 2FA without verifying the email

  11. Bypass 2FA with null or 000000 or 0000

  12. 2FA bypass by sending blank code

  13. https://medium.com/@Az3m/bypassing-two-factor-f2d0f9bea39d

  14. https://web.archive.org/web/20230817153406/https://h0tak88r.github.io/posts/Multi-Factor-Authentication-%282FA%29-Security-Testing/

  15. https://0xm5awy.medium.com/10-2fa-bypasses-discovered-on-a-single-program-and-page-422652a14fa

  16. https://muhammad-aamir.medium.com/2fa-secret-cannot-be-rotated-a-vulnerability-explained-for-bug-bounty-093fd2eb1486

Previouspentesting4arabsNextAndroid

Last updated