Hello My Dear Buggies!!!
Happy to write my third article on Medium. Kindly excuse me if there are any grammatical mistakes in this article; I am still a learner.
I hope you are good. Let's begin our show.
If you have not read my previous story, check it out; you will understand this one easily.
I submitted the 2FA authentication bypass, it was marked as informative, and the reply was like this:
I was fully frustrated, shut down my system, called my friend and explained everything. He said: why are you asking for a password reset (it's useless)? Try to think out of the box. He motivated me. After an hour I was testing the 2FA function again, and after 15 minutes I bypassed the 2FA again without resetting the password. How I bypassed it... (when you register on the website, it asks you to create an instance). Keep this in mind; it will help you!!!!!!
Steps to reproduce:
1- Log in with your account
2- Set up 2FA authentication
3- Click on the project (the one created with your first instance)
4- Copy the URL path (keep it in Notepad)
5- Log out of the account
6- Clear the browser history and cookies
7- Try to log in to your account
8- It asks for the 2FA code
9- Do not enter the 2FA code
10- Paste the URL you copied in step 4 into the URL bar and click go
11- You are logged in
12- Click on Stack Management
13- Create a user as an admin
14- Log in with the admin
IMPACT:
If an attacker has the mail id and password, the user may think "I am safe with 2FA authentication" (because the user enabled 2FA using a phone number), but the attacker can easily bypass 2FA (weak implementation of 2FA authentication).
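As an added example (not the author's or the affected vendor's code), here is a minimal model of the session-state defect these steps exercise: the session is treated as fully authenticated once the password is accepted, so pasting a saved deep link skips the 2FA prompt. The hypothetical `App` class takes a `strict` flag; with it set, every protected route is gated on the second factor being completed, which is the fix a defender would want.

```python
"""Model of the 2FA bypass above: a session is marked authenticated after the
password step only, so a saved deep link reaches protected pages without the
code. Hypothetical code, not the vendor's; users and codes are constructed."""
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    password_ok: bool = False   # first factor (password) accepted
    mfa_ok: bool = False        # second factor (2FA code) accepted


class App:
    """Tiny stand-in for the web app; 'strict' toggles the fix."""

    def __init__(self, strict: bool):
        self.strict = strict
        self.sessions: dict[str, Session] = {}
        self.passwords = {"alice": "correct horse"}   # constructed sample user
        self.mfa_enabled = {"alice": True}
        self.totp = {"alice": "123456"}              # constructed sample code

    def login(self, sid: str, user: str, password: str) -> str:
        if self.passwords.get(user) != password:
            return "invalid credentials"
        # Bug root cause: a server-side session exists before 2FA is finished.
        self.sessions[sid] = Session(user=user, password_ok=True)
        return "2fa required" if self.mfa_enabled.get(user) else "logged in"

    def verify_2fa(self, sid: str, code: str) -> bool:
        s = self.sessions.get(sid)
        if s and s.password_ok and self.totp.get(s.user) == code:
            s.mfa_ok = True
            return True
        return False

    def is_authenticated(self, sid: str) -> bool:
        s = self.sessions.get(sid)
        if not s or not s.password_ok:
            return False
        if not self.mfa_enabled.get(s.user):
            return True
        # Vulnerable: password_ok alone is enough. Fixed: 2FA must be done too.
        return s.mfa_ok if self.strict else True

    def get(self, sid: str, path: str) -> int:
        # One guard for every protected route, deep links included (steps 3-4).
        if path.startswith("/app/") and not self.is_authenticated(sid):
            return 302   # redirect back to the 2FA step
        return 200


def replay_deep_link(strict: bool) -> int:
    """Steps 7-10: password accepted, 2FA prompted, saved URL pasted instead."""
    app = App(strict)
    app.login("cookie1", "alice", "correct horse")
    return app.get("cookie1", "/app/projects/42")
```

Running `replay_deep_link(False)` returns 200 (the bypass), while `replay_deep_link(True)` returns 302 until `verify_2fa` succeeds.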
Bypassed again and submitted to the program; after 2 days they fixed the issue, but the reply was like this (below):
I felt very bad. The tears of happiness came into my eyes.
I have submitted almost 16 to 18 reports; some of them were informative, not applicable, and duplicate.
Always remember, don't feel sad if your finding was awarded as informative or rejected... Don't expect them every time. Good luck with hunting, and wish me good luck as well.
Thanks for reading
Catch you in the next writeup. Bye bye.
HAPPY HUNTING BUGGIES