Bypass 2FA in a website

Sourav Sahana
Jan 9 · 1 min read

01.01.2020

Hi hunters! I’m back again with another story. I love 2FA, not because it provides extra security, but because of the satisfaction of bypassing it. Stay tuned, because I’ll post more stories on 2FA bypasses. Enjoy the story!

It was the first day of 2020. I found a way to bypass 2FA on a website. I was randomly searching for bug bounty programs with GHDB, and found a domain that allows users to enable 2FA with the Google authentication app. Challenge accepted…

First I tried the login page. I tried every possible way but didn’t get any success. Then I thought, let’s look at the forgot password page. I entered my email ID and clicked on ‘forgot password’. After a few seconds I got an email that looked like this: https://app.domain .io/reset/645hNr78tr5410HgG6yvYZtk2Y45lki7/

I visited the URL and entered a new password. After clicking submit, a new window opened asking me for the 2FA code. So I first tried response manipulation, but it didn’t work.

Then I looked at the request to see what was going on with my 2FA code. It was a POST request, and in the body I found the ‘reset_key’, ‘_csrf’, ‘email’, ‘password’ and ‘token’ parameters. ‘token’ is my 2FA code.

I deleted the token parameter and its value, then forwarded the request. And BOOM… I was redirected into my account with a notification: “Password successfully changed”. I was like…

Thank you for your time. I hope you enjoyed this story. Happy hunting!
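The write-up does not show the site's server code. As an added example (not from the original post or the affected site), here is one plausible way a reset handler ends up accepting a request with no `token`, next to a fail-closed version; the user store, secrets and function names are constructed for illustration.

```python
import hashlib, hmac, struct

# Constructed demo record; a real service loads this per user from its own store.
USERS = {"alice@example.test": {"totp_secret": b"constructed-demo-secret",
                                "reset_key": "constructed-reset-key"}}

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the scheme used by authenticator apps."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def second_factor_ok(user: dict, token, now: float) -> bool:
    """Fail closed: a missing, empty or malformed token is a failed check."""
    if not isinstance(token, str) or not token.isascii():
        return False
    # Accept the current and previous time step to tolerate clock drift.
    return any(hmac.compare_digest(token, totp(user["totp_secret"], now - d))
               for d in (0, 30))

def reset_key_ok(user, form: dict) -> bool:
    return user is not None and hmac.compare_digest(
        str(form.get("reset_key", "")), user["reset_key"])

def reset_password_flawed(form: dict, now: float) -> bool:
    """Assumed flaw: the code is verified only when the request carries one."""
    user = USERS.get(form.get("email"))
    if not reset_key_ok(user, form):
        return False
    if "token" in form and not second_factor_ok(user, form["token"], now):
        return False
    return True  # the password change would happen here

def reset_password_hardened(form: dict, now: float) -> bool:
    """2FA enrolment comes from the server-side record, not from the request."""
    user = USERS.get(form.get("email"))
    if not reset_key_ok(user, form):
        return False
    if user.get("totp_secret") and not second_factor_ok(user, form.get("token"), now):
        return False
    return True  # the password change would happen here
```

A regression test for this class of bug submits the reset form with the `token` field absent, empty and wrong, and expects a rejection each time for any account that has 2FA enabled.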
