Critical Authentication Bypass & Account Takeover via Attacker’s MFA Code


Sharat Kaikolamthuruthil

Critical Account Takeover Bug via MFA Code

Hello Folks,

This write-up is about an account takeover bug that I found on the same public bug bounty program that was described in my previous post.

Link shared below:

Note:

Setting up MFA was mandatory for every Admin account on this target, so the bypass applied to all admin accounts and the report was rated critical.

Normal authentication flow of the application

1. Log in to the account from "sso.target.com/v2/login".
2. The application prompts for the password; after it is entered, the application redirects to "sso.target.com/v2/login/mfa".
3. Enter the MFA code and submit.
4. The POST request contains the code and the mfa id, and the account can then be accessed. (The mfa id is a static, unique alphanumeric value that identifies each MFA factor set on an account.)

The Exploit

1. Go to the login page and enter the attacker's email id.
2. The application will redirect to the page where