2FA Bypass Do Re Mi

  1. Protected endpoint without 2FA check
  2. 2FA token disclosure in the server response
Server Response with Invalid M-Token
Do Re Mi (attempt 1)

Ashlyn Lau

Penetration Tester | Hacker @ Numen Cyber