๐๐๐๐ฎ๐ฐ๐ธ๐ถ๐ป๐ด ๐ฎ๐๐๐ฒ ๐ถ๐ป ๐ ๐ผ๐ฑ๐ฒ๐ฟ๐ป ๐ช๐ฒ๐ฏ ๐๐ฝ๐ฝ๐
9 Different Techniques to Bypass 2FA in WebApps.
[A Thread ๐งต]
#bugbounty #bugbountytips #cybersecurity #AppSec
9 Different Techniques to Bypass 2FA in WebApps.
[A Thread ๐งต]
#bugbounty #bugbountytips #cybersecurity #AppSec
๐๐ก๐๐ญ ๐ข๐ฌ ๐๐
๐ ?
2FA is a security process in which users provide two different authentication factors to verify themselves. 2FA is implemented to better protect both a userโs credentials and the resources the user can access.
2FA is a security process in which users provide two different authentication factors to verify themselves. 2FA is implemented to better protect both a userโs credentials and the resources the user can access.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐
๐จ๐ซ๐๐๐ ๐๐ซ๐จ๐ฐ๐ฌ๐ข๐ง๐
Try accessing different endpoints directly with the available token generated from passing the 1st authentication mechanism.
Try accessing different endpoints directly with the available token generated from passing the 1st authentication mechanism.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐๐ฎ๐ฌ๐ข๐ง๐ ๐ญ๐จ๐ค๐๐ง
Try Reusing the Auth code sent to your phone number twice or thrice, If you can do so an attacker could use older OTP to bypass 2FA in the target account anytime in the future.
Try Reusing the Auth code sent to your phone number twice or thrice, If you can do so an attacker could use older OTP to bypass 2FA in the target account anytime in the future.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐๐๐ค๐๐ ๐๐จ๐ค๐๐ง๐ฌ
Sometime an application may leak an OPT in the response of a HTTP request responsible to generate an OTP on server side, the token leaked on a response from the web application can be used to bypass 2FA.
Sometime an application may leak an OPT in the response of a HTTP request responsible to generate an OTP on server side, the token leaked on a response from the web application can be used to bypass 2FA.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐๐ฌ๐ฌ๐ฐ๐จ๐ซ๐ ๐ซ๐๐ฌ๐๐ญ ๐
๐ฎ๐ง๐๐ญ๐ข๐จ๐ง๐๐ฅ๐ข๐ญ๐ฒ
In almost all web applications the password reset function automatically logs the user into the application after the reset procedure is completed. That may lead to a 2FA Bypass.
In almost all web applications the password reset function automatically logs the user into the application after the reset procedure is completed. That may lead to a 2FA Bypass.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐๐๐ค ๐จ๐ ๐๐๐ญ๐ ๐๐ข๐ฆ๐ข๐ญ
Developers often use rate limits to control the number of requests per user. If the rate limit is missing the attacker can bypass 2FA using bruteforce attacks.
Developers often use rate limits to control the number of requests per user. If the rate limit is missing the attacker can bypass 2FA using bruteforce attacks.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐๐๐
/๐๐ฅ๐ข๐๐ค๐ฃ๐๐๐ค๐ข๐ง๐
Check if there is a CSRF on enabling and Disabling 2FA or a Clickjacking vulnerability to disable the 2FA.
Check if there is a CSRF on enabling and Disabling 2FA or a Clickjacking vulnerability to disable the 2FA.
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐๐ฌ๐ฉ๐จ๐ง๐ฌ๐ ๐๐๐ง๐ข๐ฉ๐ฎ๐ฅ๐๐ญ๐ข๐จ๐ง
Change Response of 2FA validating request:
{"success":"false"} -> {"success":"true"}
or Status code:
[403 -> 200] or [401 -> 200]
Change Response of 2FA validating request:
{"success":"false"} -> {"success":"true"}
or Status code:
[403 -> 200] or [401 -> 200]
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐ซ๐จ๐ฌ๐ฌ ๐๐จ๐ค๐๐ง ๐๐ฌ๐๐ ๐
Try using the 2FA codes send to Account1 on Account2, This simple technique can sometimes lead to 2FA Bypass
Try using the 2FA codes send to Account1 on Account2, This simple technique can sometimes lead to 2FA Bypass
[๐๐ฒ๐ฉ๐๐ฌ๐ฌ ๐] - ๐๐ฌ๐ข๐ง๐ ๐๐ข๐๐๐๐ซ๐๐ง๐ญ ๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง ๐๐๐ญ๐ก๐จ๐๐ฌ
Sometimes web developers forgot to enforce 2FA on login via google, Facebook, apple Etc, Which may allow an attacker to bypass 2FA.
Sometimes web developers forgot to enforce 2FA on login via google, Facebook, apple Etc, Which may allow an attacker to bypass 2FA.
We recently published an comprehensive article on Attacking 2FA in modern web apps.
Check it our here ๐
snapsec.co/blog/Attackingโฆ
Check it our here ๐
snapsec.co/blog/Attackingโฆ
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
