MFA Bypass Exposed: A Flaw in Two-Factor Authentication


Hello fellow hackers! I hope this year brings everyone the success and opportunities they’ve been working towards. May it be a year filled with growth, discoveries, and the kind of breakthroughs that fuel our passion. As we dive into 2025, it’s clear that the year is off to an exciting start. On just the second day of testing an application, I uncovered two significant vulnerabilities. The first was a price tampering issue, which allowed me to place an order worth 1.5 lakh rupees for less than a single rupee. The test setup for this was similar to one I’ve explained before, so I won’t go into details here.

However, the second vulnerability is something that deserves special attention: an MFA bypass. This flaw is worth understanding in depth. In this article, we’ll focus on how I identified the vulnerability and what it means for the security of applications relying on multi-factor authentication. Let’s dig into how this bypass works and what steps can be taken to prevent such attacks in the future.

Upon logging into the application on redacted.com, I began by filling out the required details, including user information such as phone number, email, and other parameters in the form. Once the form was completed, I clicked on “Submit,” and the application prompted me for an OTP, which was sent to the phone number I had provided.

The first step in my exploration involved capturing the correct OTP. After successfully doing so, I sent the request to Burp Suite’s Repeater, which allowed me to reuse the exact same response for different OTP inputs. At this point, I noticed that the server didn’t validate the OTP properly, so I decided to test this further. Instead of entering the correct OTP, I manually edited the value to “000000” and intercepted the request using Burp Suite. I then pasted the modified response into the Repeater and forwarded it to the server.

To my surprise, when I sent the modified request containing the “000000” OTP, the server did not validate it and allowed me to proceed. The application did not detect the invalid OTP, which allowed me to successfully bypass the multi-factor authentication (MFA) and gain unauthorized access.

This discovery revealed a crucial flaw in the application’s MFA implementation, where the system failed to properly validate OTP responses, enabling me to bypass authentication with an incorrect OTP. The vulnerability was reported for further investigation and remains unresolved at the time of writing.

1. Fill in the details in the form below.

2. We will receive an OTP. Enter the correct OTP and capture the request. Send it to Repeater. This is the response for the correct OTP.

3. Now repeat the above steps; this time enter some random OTP (I am using ‘000000’) and capture the request again.

4. Intercept the request. We will get the above response, but we have already captured the correct response, so replace it here with the one from Repeater. Replace and forward the request; it will take you to the payment gateway directly (refer to the screenshot below).

Remediation:

1. Improve OTP validation logic.

2. Enhance server-side authentication checks.
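Both remediation points come down to one rule: the step after OTP entry must consult state the server set itself, never a verdict the client carried back from a response body. The following is an added example, not the author’s code or the tested application’s code; the class name `OtpServer`, its method names, the session-store layout and the policy values are all hypothetical. It places the flawed pattern (the payment step trusting the client’s reported OTP status, which a swapped response defeats exactly as described above) beside the fixed one, and adds the checks a server-side OTP verifier should carry: constant-time comparison, expiry, an attempt limit and single use.

```python
import hmac
import secrets
import time

# Constructed policy values for this example; a real deployment tunes them.
OTP_TTL_SECONDS = 300   # OTP expires five minutes after issue
MAX_ATTEMPTS = 5        # wrong guesses allowed before the session is discarded


class OtpServer:
    """Hypothetical checkout server that keeps all OTP state server-side."""

    def __init__(self):
        self.sessions = {}  # session_id -> state the client can never edit

    def start_checkout(self, phone):
        """Issue an OTP for a new checkout session.

        The OTP is returned here only so the example can simulate the SMS;
        a real server would hand it to the SMS gateway and never echo it.
        """
        sid = secrets.token_urlsafe(16)
        otp = f"{secrets.randbelow(10**6):06d}"
        self.sessions[sid] = {
            "phone": phone,
            "otp": otp,
            "issued": time.time(),
            "attempts": 0,
            "otp_verified": False,
        }
        return sid, otp

    def verify_otp(self, sid, submitted):
        """Check a submitted OTP against server state and record the outcome."""
        s = self.sessions.get(sid)
        if s is None or s["otp"] is None:
            return {"status": "failure"}
        if time.time() - s["issued"] > OTP_TTL_SECONDS:
            self.sessions.pop(sid)
            return {"status": "expired"}
        if s["attempts"] >= MAX_ATTEMPTS:
            self.sessions.pop(sid)
            return {"status": "locked"}
        s["attempts"] += 1
        # Constant-time comparison; str() so a non-string body cannot raise.
        if hmac.compare_digest(s["otp"].encode(), str(submitted).encode()):
            s["otp_verified"] = True
            s["otp"] = None  # single use: the same code cannot be replayed
            return {"status": "success"}
        return {"status": "failure"}

    def proceed_to_payment_vulnerable(self, sid, client_view):
        """The flawed pattern: the payment step trusts what the client says
        the OTP response was, so a swapped 'success' body is enough."""
        return sid in self.sessions and client_view.get("status") == "success"

    def proceed_to_payment(self, sid):
        """The fixed pattern: ignore anything the client says about the OTP
        and consult only the flag the server set itself in verify_otp."""
        s = self.sessions.get(sid)
        return s is not None and s["otp_verified"] is True


if __name__ == "__main__":
    srv = OtpServer()
    sid, otp = srv.start_checkout("+91-XXXXXXXXXX")  # constructed phone number
    forged = {"status": "success"}  # response body swapped in Repeater
    print("vulnerable path accepts forged response:",
          srv.proceed_to_payment_vulnerable(sid, forged))
    print("fixed path before verification:", srv.proceed_to_payment(sid))
    print("verify real OTP:", srv.verify_otp(sid, otp)["status"])
    print("fixed path after verification:", srv.proceed_to_payment(sid))
```

The point to take from the two `proceed_to_payment` variants is that the client’s copy of the OTP response is untrusted input like any other; the server already knows whether the code matched and should gate the next step on that record alone. The attempt limit and single-use reset also close the sibling weakness of unlimited guessing that this kind of endpoint often shares.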

Special Thanks:

Lastly, I want to take a moment to thank a very special person whom I met on September 30, 2022. I want you to know how much your existence means to me. Thank you for being you.
