2FA is a security process in which users prove their identity with two factors from different categories (something they know, something they have, something they are). 2FA is implemented to better protect both a user's credentials and the resources the user can access.
Try reusing the authentication code sent to your phone number two or three times. If the same code is accepted more than once, the server is not marking codes as consumed, and an attacker who has captured an old OTP can replay it to bypass 2FA on the target account at any later time (until the code expires, if it expires at all).
Sometimes an application leaks the OTP in the HTTP response of the request that generates the OTP on the server side (for example, the code appears in the JSON body next to a "code sent" message). A token leaked in a response can be read straight out of the proxy and used to bypass 2FA.
Many web applications log the user in automatically once the password reset procedure is completed. If that post-reset session is issued without prompting for the second factor, the reset flow itself is a 2FA bypass: anyone who can complete a reset (for example through a compromised mailbox) gets a fully authenticated session.
Developers use rate limits to control the number of requests a user can make. If the OTP verification endpoint has no rate limit, an attacker can brute-force the code: a 6-digit OTP has only 1,000,000 possible values, which is within reach during the code's validity window when guesses are unrestricted.
Rate limiting restricts the number of requests a user can make to a web server within a span of time. It can be implemented as IP-based or session-based limits on the web server, or, for OTPs specifically, as a per-code attempt counter that invalidates the code after a few wrong guesses.
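The following is an added example, not code from the original page: a minimal server-side OTP issue/verify flow that closes the three weaknesses described above (OTP reuse, OTP leaked in the generation response, and unlimited guesses). The class and function names, the 300-second lifetime and the 5-attempt limit are illustrative choices; `brute_force` plays the attacker against the hardened verifier to show where the guessing stops.

```python
"""Hardened OTP flow: single-use codes that expire, are never echoed to the
client, and are burned after a few wrong guesses. Added example; names,
TTL and attempt limit are hypothetical, not taken from the original page."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

OTP_TTL_SECONDS = 300   # a code is valid for five minutes (illustrative)
MAX_ATTEMPTS = 5        # wrong guesses allowed before the code is burned (illustrative)
OTP_DIGITS = 6


@dataclass
class IssuedOtp:
    code: str
    issued_at: float
    used: bool = False
    attempts: int = 0


class OtpService:
    """State is keyed by the server-side 2FA session id, never by a client-chosen value."""

    def __init__(self, clock: Callable[[], float] = time.time,
                 randbelow: Callable[[int], int] = secrets.randbelow) -> None:
        self._clock = clock
        self._randbelow = randbelow          # injectable so a test can fix the code
        self._store: Dict[str, IssuedOtp] = {}

    def issue(self, session_id: str) -> str:
        """Generate a fresh code for the SMS/e-mail sender.
        The HTTP handler must answer with a generic 'code sent' body; putting this
        return value in the JSON response is the response-leak bypass."""
        code = f"{self._randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._store[session_id] = IssuedOtp(code=code, issued_at=self._clock())
        return code

    def is_active(self, session_id: str) -> bool:
        entry = self._store.get(session_id)
        return entry is not None and not entry.used

    def verify(self, session_id: str, submitted: str) -> bool:
        entry = self._store.get(session_id)
        if entry is None or entry.used:
            return False                     # unknown session, or code already consumed: no replay
        if self._clock() - entry.issued_at > OTP_TTL_SECONDS:
            del self._store[session_id]      # expired: the user must request a new code
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._store[session_id]      # too many guesses: burn the code instead of letting it stand
            return False
        # Constant-time compare on bytes; encoding also rejects non-ASCII input safely.
        if hmac.compare_digest(entry.code.encode(), submitted.encode()):
            entry.used = True                # consume on success so the same code cannot be reused
            return True
        return False


def brute_force(service: OtpService, session_id: str) -> Tuple[bool, int]:
    """Attacker behaviour against an unthrottled endpoint: walk the whole code space.
    Returns (succeeded, guesses made); against OtpService it stops once the code is burned."""
    guesses = 0
    for candidate in range(10 ** OTP_DIGITS):
        if not service.is_active(session_id):
            break
        guesses += 1
        if service.verify(session_id, f"{candidate:0{OTP_DIGITS}d}"):
            return True, guesses
    return False, guesses


if __name__ == "__main__":
    svc = OtpService()
    sid = "2fa-session-abc"                  # constructed session id
    code = svc.issue(sid)
    print("first use:", svc.verify(sid, code))
    print("replay:", svc.verify(sid, code))
    svc.issue(sid)
    print("brute force:", brute_force(svc, sid))
```

Against a verifier without the `attempts` counter, `brute_force` would simply run through all one million candidates; with the counter the code is burned after `MAX_ATTEMPTS + 1` guesses and the attacker gets nothing further from that session.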
Bypasses
- Where to look for rate-limit bugs
Places like:
- Login/Signup pages
- Register Pages
- 2FA codes
- Confirmation Codes
and any other request which, if brute-forced, would let an attacker achieve something malicious should be checked for a "No Rate Limit" issue.
An insecure CORS configuration (for example, reflecting the request's Origin header into Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true) allows any website to make credentialed requests to the target application and read the responses, enabling attackers to perform privileged actions or retrieve sensitive information on behalf of the victim.
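As an added example (not code from the original page), the following shows a typical loose origin check next to a strict one. The allowlist, the `weak_cors_headers` and `strict_cors_headers` names and the test origins are constructed for illustration.

```python
"""CORS origin validation: the loose substring check beside an exact allowlist.
Added example with constructed names and origins, not code from the original page."""
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed allowlist of full origins (scheme + host [+ port]), not bare domain names.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def weak_cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Common mistake: accept any Origin that merely contains the company domain and
    reflect it. 'https://example.com.evil.net' and 'https://evilexample.com' both pass,
    and with Allow-Credentials the attacker's page reads authenticated responses."""
    if origin and "example.com" in origin:      # substring test, not a host test
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def strict_cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Exact match against the allowlist after normalization; anything else gets no
    CORS headers at all. Never pair '*' with Allow-Credentials, never echo an unvetted
    Origin, and treat the literal 'null' origin (sandboxed frames, redirects) as untrusted."""
    if origin is None or origin == "null":
        return {}
    parts = urlsplit(origin)
    # A browser Origin is scheme://host[:port] with no path, query or fragment.
    if parts.path or parts.query or parts.fragment or not parts.scheme or not parts.netloc:
        return {}
    normalized = f"{parts.scheme.lower()}://{parts.netloc.lower()}"
    if normalized not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",   # caches must key on Origin when the header differs per request
    }


if __name__ == "__main__":
    for o in ["https://app.example.com", "https://example.com.evil.net",
              "https://evilexample.com", "null"]:
        print(o, "weak:", bool(weak_cors_headers(o)), "strict:", bool(strict_cors_headers(o)))
```

When testing a target, send an Origin that is a superstring of the real domain (`https://target.com.attacker.net`, `https://evil-target.com`) and the literal `null`; any of them being reflected alongside `Access-Control-Allow-Credentials: true` is the exploitable case.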