2FA bypass again

1 year ago 107

Hello My Dear Buggies!!!

Happy to write my third article on Medium. Kindly excuse me if there are any grammatical mistakes in this article; I am still a learner.

I hope you're good, let's begin our show.

If you have not read my previous story, check it out and you will understand this one easily.

I submitted the 2FA authentication bypass, it was marked as informative, and the reply was like this:

I was fully frustrated, shut down my system, called my friend and explained everything. He said: why should you be asking for a password reset (it's useless), try to think outside the box. He motivated me. After an hour I was testing the 2FA function again, and after 15 minutes I bypassed the 2FA again, without resetting the password. How I bypassed it… (when you register on the website, it will ask you to create an instance) keep this in mind, it will help you!

Steps to reproduce

1- Log in to your account

2- Set up 2FA authentication

3- Click on the project (the one from when you created your first instance)

4- Copy the URL path (keep it in Notepad)

5- Log out of the account

6- Clear the browser history and cookies

7- Try to log in to your account

8- It asks for the 2FA code

9- Do not enter the 2FA code

10- Paste the URL you copied in step 4 into the URL bar and click Go

11- You are logged in

12- Click on stack management

13- Create a user as an admin

14- Log in with the admin

IMPACT:

If an attacker has the mail ID and password, the user may think "I am safe with 2FA authentication" (because the user enabled 2FA using a phone number), but the attacker can easily bypass 2FA (weak implementation of 2FA authentication).
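The writeup does not show the application's code, so as an assumption the sketch below (an added example, not code from the post or the affected program) models the weakness named above: the password step leaves a session that deep links accept without checking that the 2FA step finished. `weak_gate` is that assumed behaviour and `strict_gate` is the check a defender would put on every protected route; all names and the sample path are hypothetical.

```python
# Added illustration: hypothetical names, not code from the affected application.
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    mfa_enrolled: bool
    mfa_verified: bool = False  # set only after a valid second-factor code

SESSIONS = {}  # session id -> Session (stand-in for a server-side session store)

def password_login(sid, user, mfa_enrolled):
    """Password accepted: the session exists, the second factor is still pending."""
    SESSIONS[sid] = Session(user, mfa_enrolled)

def verify_mfa(sid, code_ok):
    """Mark the session fully authenticated once the submitted code checks out."""
    session = SESSIONS.get(sid)
    if session is not None and code_ok:
        session.mfa_verified = True

def weak_gate(sid, path):
    """Assumed flaw: any session left by the password step can open a deep link."""
    return "ok" if sid in SESSIONS else "login"

def strict_gate(sid, path):
    """Run on every protected route, so a pasted URL gets the same check as the UI."""
    session = SESSIONS.get(sid)
    if session is None:
        return "login"
    if session.mfa_enrolled and not session.mfa_verified:
        return "mfa_prompt"  # pending sessions never reach application pages
    return "ok"

def demo():
    path = "/projects/example-instance"  # placeholder deep link, constructed
    password_login("sid-1", "alice", mfa_enrolled=True)  # constructed session
    pending = (weak_gate("sid-1", path), strict_gate("sid-1", path))
    verify_mfa("sid-1", code_ok=True)
    return pending, strict_gate("sid-1", path)

if __name__ == "__main__":
    print(demo())
```

A regression test for this class of bug requests each protected route with a session that has passed only the password step and expects the 2FA prompt, not the page.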

I bypassed it again and submitted it to the program. After 2 days they fixed the issue, but the reply was like this (below):

I feel very bad, the tears of happiness come into my eyes.

I have submitted almost 16 to 18 reports; some of them were informative, non-applicable, or duplicate.

Always remember, don’t feel sad that your finding was marked as informative or rejected… Don’t expect them every time. Good luck with hunting, and wish me good luck as well.

Thanks for reading

Catch you in the next writeup. Bye bye.

HAPPY HUNTING BUGGIES
