How I Discovered an Easy 2FA Vulnerability on Logitech

4 weeks ago 28

Dhananjay Pathak

Hello, everyone! 👋

I’m Dhananjay Pathak, a passionate security researcher, and I’m excited to share my recent discovery of a simple 2FA vulnerability on Logitech. In this post, I’ll show you how I found a way to bypass their Two-Factor Authentication, which could pose security risks for users. I’ll break down each step simply so you can understand how I discovered this issue.

Vulnerability Summary: During my investigation of Logitech’s security, I discovered a flaw in their Two-Factor Authentication (2FA) process. The second factor was surprisingly easy to bypass: once a user had enabled it, a password alone was still enough to log in, so an attacker who already knew a user’s password would not be stopped by 2FA at all.

Let’s dive into the step-by-step process of how I discovered this vulnerability!

The first step is to find all possible subdomains associated with the target. I recommend using multiple tools for subdomain enumeration to ensure comprehensive coverage, since each relies on different data sources. Before testing anything, keep only the hosts that fall within the program’s published scope.

sublist3r -d target.com -v -o ~/target/sublister_subdomains.txt
subfinder -d target.com -o ~/target/subfinder_subdomains.txt
amass enum -passive -norecursive -noalts -d target.com -o ~/target/amass_subdomains.txt

To avoid duplicates and consolidate all the subdomains into one file, we can merge the three result lists. anew appends only the lines that are not already present in the output file, so the same command can be re-run as new results come in without producing duplicate entries.

cat ~/target/subfinder_subdomains.txt ~/target/sublister_subdomains.txt ~/target/amass_subdomains.txt | anew ~/target/all_subdomains.txt

Once we have the subdomains, it’s time to check which ones are actually alive and responding. For this, I used httpx, which probes each host over HTTP and HTTPS and keeps only the ones that answer, so the list can be worked through by hand.

httpx -l ~/target/all_subdomains.txt -o ~/target/live_subdomains.txt

1 → Access Subdomains: Open each live subdomain in a web browser, focusing on login pages or account management areas.

2 → Login Attempts: Using a test account (or one you are authorized to test with), log in with valid credentials to observe the 2FA prompts.

3 → Identify 2FA Method: Note the type of 2FA used (e.g., SMS, email, authenticator apps).

After examining each live subdomain and its 2FA functionality, I noticed an interesting behavior. I enabled 2FA using the authenticator app method. However, after successfully enabling 2FA, I logged out and attempted to log back in. To my surprise, I was able to access my account without any 2FA verification. This is a significant flaw in the 2FA implementation: the authenticator code was checked when 2FA was set up but never enforced at login, so enabling it gave the account no protection against anyone who knew the password.
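To make the failure mode concrete, here is an added example of my own (not Logitech’s code and not taken from the report) that models the two login paths in Python. VulnerableAuth checks the TOTP code only at enrolment, which is the behavior observed above; HardenedAuth withholds the session until a valid code is presented. The usernames, passwords, secrets and timestamps are constructed for the example, and the TOTP routine follows RFC 6238 (the algorithm authenticator apps use), so everything runs offline.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1, as authenticator apps compute it."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def code_matches(secret_b32, code, at, window=1, step=30):
    """Accept the current step and `window` steps either side (clock skew)."""
    return any(hmac.compare_digest(code, totp(secret_b32, at=at + k * step))
               for k in range(-window, window + 1))


class User:
    def __init__(self, username, password):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        self.totp_secret = None  # base32 secret, set once an authenticator app is enrolled

    def check_password(self, password):
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        return hmac.compare_digest(candidate, self.pw_hash)


def enrol_totp(user, secret_b32, code_from_app, now=None):
    """Enrolment: the user proves the app produces a valid code before the secret is stored."""
    now = time.time() if now is None else now
    if not code_matches(secret_b32, code_from_app, now):
        raise ValueError("enrolment code did not match")
    user.totp_secret = secret_b32


class VulnerableAuth:
    """The behaviour reported above: TOTP is checked at enrolment and never again."""
    def __init__(self, users):
        self.users = {u.username: u for u in users}
        self.sessions = {}  # session token -> username

    def _issue_session(self, username):
        token = secrets.token_hex(16)
        self.sessions[token] = username
        return token

    def login(self, username, password, now=None):
        user = self.users.get(username)
        if user is None or not user.check_password(password):
            return None
        # Bug: totp_secret is never consulted, so the password alone yields a session.
        return {"session": self._issue_session(username)}


class HardenedAuth(VulnerableAuth):
    """A correct password yields only a short-lived, single-use challenge when a second
    factor is enrolled; the session is issued by verify_totp()."""
    CHALLENGE_TTL = 120  # seconds

    def __init__(self, users):
        super().__init__(users)
        self.pending = {}  # challenge id -> (username, expiry)

    def login(self, username, password, now=None):
        user = self.users.get(username)
        if user is None or not user.check_password(password):
            return None
        if user.totp_secret is None:
            return {"session": self._issue_session(username)}
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (username, now + self.CHALLENGE_TTL)
        return {"challenge": challenge}  # no session until the second factor passes

    def verify_totp(self, challenge, code, now=None):
        now = time.time() if now is None else now
        username, expiry = self.pending.pop(challenge, (None, 0))  # single use per attempt
        if username is None or now > expiry:
            return None
        if not code_matches(self.users[username].totp_secret, code, now):
            return None
        return self._issue_session(username)


def second_factor_skipped(auth_cls, now=1_700_000_000):
    """The write-up's steps: enrol TOTP, log out, log in with password only; True if no code was needed."""
    user = User("alice", "correct horse battery staple")
    auth = auth_cls([user])
    secret = base64.b32encode(secrets.token_bytes(20)).decode()
    enrol_totp(user, secret, totp(secret, at=now), now=now)
    result = auth.login("alice", "correct horse battery staple", now=now)
    return "session" in result
```

second_factor_skipped(VulnerableAuth) returns True and second_factor_skipped(HardenedAuth) returns False; that enrol, log out, log in sequence is the regression test worth keeping in any login service. Two details in the hardened path are worth copying: the challenge is consumed on every attempt, so a wrong code forces another password login instead of allowing unlimited guesses at a six-digit code, and a session token is only ever minted inside verify_totp() once a second factor is enrolled.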

After confirming the 2FA vulnerability, I documented my findings in a detailed report for HackerOne. I included all relevant information, such as the steps to reproduce the issue, the impact of the vulnerability, and the specific subdomains affected.

A few days later, I received a notification that my report had been successfully accepted and triaged. The security team acknowledged the significance of the vulnerability, appreciating the thoroughness of my submission.

If you enjoyed this write-up and found it useful, don’t forget to follow me on Twitter! You can reach out to me anytime; just drop me a DM. 😊

Thanks for reading! 🙌 Stay safe, and keep hacking ethically! 💻
