Short Description
Possible second factor authentication bypass by directly using a vulnerability within the last endpoint of the 2FA flow.
Reporting Date
- August 2022
Details
An attacker who is already in possession of a victim's credentials could utilize the /secondfactor/done endpoint to directly acquire an access token without a real 2FA verification just by passing the request id used during the login.
Impact
Medium
References
- Bug Bounty ID: ec8f4aae (Private)
- Internal ID: SEC-790
❤ Thanks to
Simon Reinhart for reporting the vulnerability within the 2FA verification.
Short Description
Possible second factor authentication bypass by directly using a vulnerability within the last endpoint of the 2FA flow.
Reporting Date
Details
An attacker who is already in possession of a victim's credentials could utilize the
/secondfactor/doneendpoint to directly acquire an access token without a real 2FA verification just by passing the request id used during the login.Impact
Medium
References
❤ Thanks to
Simon Reinhart for reporting the vulnerability within the 2FA verification.