2FA Bypass via Basic Authentication on private bug bounty program

Sharat Kaikolamthuruthil
2 min read · Jun 14, 2022


2FA bypass via basic authentication

Hello Friends,

This is yet another 2FA bypass that I discovered in a private bug bounty program. I had already found a couple of bugs, including a 2FA bypass, in this application & was hunting for more bugs.

  • While trying to append different extensions such as .html, .aspx, .js, .php etc. to an already existing page, I suddenly triggered a Basic Authentication pop-up.
  • So if the program has a URL say “example.com/edit”, I simply changed it to “example.com/edit.aspx” and a Basic Authentication popped up which was otherwise hidden in the application.
  [Image: Basic Authentication prompt]
  • The first thought that came to my mind was to try out the user credentials to check if they were being accepted.
  • As soon as I entered the credentials, the account logged in successfully and I was able to bypass the 2FA enabled in the account which was kinda surprising.
  • This application did not have any API keys so it was pretty obvious that we could only try valid login credentials.
  • I immediately reported this and it was triaged as a High severity bug.
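The pattern above (a hidden HTTP Basic handler reached by changing a page's extension, which accepts the same credentials without the 2FA step) is something an application team can check for in a regression test. The following is an added example, not code from the original post or from the affected program: it generates the extension variants the write-up mentions, flags any that answer with a Basic challenge instead of the normal login flow, and uses a constructed in-memory stand-in for the application so it runs offline. The `fetch` callable, the `_simulated_app` behaviour and the `/edit` path are assumptions for the demonstration.

```python
from typing import Callable, Dict, List, Tuple

# Response shape the check inspects: (status_code, headers) with lower-cased header names.
Response = Tuple[int, Dict[str, str]]

# Alternate extensions mentioned in the write-up.
ALT_EXTENSIONS = [".html", ".aspx", ".js", ".php"]


def basic_auth_variants(path: str, extensions: List[str] = ALT_EXTENSIONS) -> List[str]:
    """Path variants to probe: the protected path plus each alternate extension."""
    return [path + ext for ext in extensions]


def challenges_basic_auth(resp: Response) -> bool:
    """True when the response is a 401 carrying a 'WWW-Authenticate: Basic' challenge."""
    status, headers = resp
    www_auth = headers.get("www-authenticate", "")
    return status == 401 and www_auth.strip().lower().startswith("basic")


def find_basic_auth_fallbacks(fetch: Callable[[str], Response],
                              protected_paths: List[str]) -> List[str]:
    """Return every variant path on which the server offers HTTP Basic auth.

    Any hit means a second authentication path exists beside the session/2FA
    login, which is exactly the misconfiguration the write-up describes.
    """
    findings: List[str] = []
    for path in protected_paths:
        for variant in basic_auth_variants(path):
            if challenges_basic_auth(fetch(variant)):
                findings.append(variant)
    return findings


# Constructed stand-in for the application (assumption, not the real program):
# /edit sends the user to the 2FA-protected login, while /edit.aspx falls through
# to a hidden Basic-auth handler. Everything else is a 404.
def _simulated_app(path: str) -> Response:
    if path == "/edit":
        return 302, {"location": "/login"}
    if path == "/edit.aspx":
        return 401, {"www-authenticate": 'Basic realm="legacy"'}
    return 404, {}


if __name__ == "__main__":
    # Expected finding for the simulated app: ['/edit.aspx']
    print(find_basic_auth_fallbacks(_simulated_app, ["/edit"]))
```

In a real test the `fetch` argument would wrap an HTTP client pointed at a staging deployment, and the assertion would be that the returned list is empty.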

Hope you guys enjoyed it, have a good day. 😃

Disclaimer: For educational purpose only please do not try for illegal activities.

