2FA simple bypass | Dec 21, 2022
Introduction
Welcome to another of my writeups! In this PortSwigger Labs lab, you’ll learn: 2FA simple bypass! Without further ado, let’s dive in.
- Overall difficulty for me (From 1-10 stars): ★☆☆☆☆☆☆☆☆☆
Background
This lab’s two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user’s 2FA verification code. To solve the lab, access Carlos’s account page.
- Your credentials:
wiener:peter
- Victim’s credentials
carlos:montoya
Exploitation
Home page:
Login as user wiener:
In here, we’re redirected to a second login page, which requires a 4-digit security code.
Email client:
Enter the 4-digit security code:
Now let’s log in as user carlos and bypass the 2FA:
In here, since we’ve already authenticated with a valid username and password, the application has already issued us a logged-in session before the 2FA step is completed!
Why not just go to the /my-account page?
Nice! The application never checks whether we have entered a valid 2FA code before serving the account page!
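The flaw behind this lab, as an added example that is not from the lab or this writeup: a minimal login state machine in Python, with the vulnerable variant (the session becomes fully authenticated after the password alone) beside the hardened one (the account page refuses any session that has not completed the 2FA step). Usernames and passwords are the ones the lab gives; the 4-digit codes and the session dictionary are constructed for the demo.

```python
# Added example (not the lab's own code). The fix is a session state machine:
# "mfa_pending" after the password, "authenticated" only after the code is
# verified, and every protected page checks for "authenticated".
import hmac

USERS = {"wiener": "peter", "carlos": "montoya"}   # from the lab description
MFA_CODES = {"wiener": "1234", "carlos": "9876"}   # constructed sample codes


def login(session, username, password, enforce_mfa):
    """Password step. Returns True if the password matched."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected, password):
        return False
    session["user"] = username
    # Vulnerable behaviour: mark the session authenticated right away.
    # Hardened behaviour: only mark it as waiting for the second factor.
    session["state"] = "mfa_pending" if enforce_mfa else "authenticated"
    return True


def verify_mfa(session, code):
    """Second factor. Only meaningful while the session is mfa_pending."""
    if session.get("state") != "mfa_pending":
        return False
    if hmac.compare_digest(MFA_CODES[session["user"]], code):
        session["state"] = "authenticated"
        return True
    return False


def my_account(session):
    """Protected page: must refuse anything but a fully authenticated session."""
    if session.get("state") != "authenticated":
        return 302, "/login"          # back to login (or the 2FA page)
    return 200, f"Account page for {session['user']}"


def demo(enforce_mfa):
    """Log in as carlos with the known password, then skip straight to /my-account."""
    session = {}
    assert login(session, "carlos", "montoya", enforce_mfa)
    return my_account(session)[0]   # 200 when vulnerable, 302 when hardened
```

In the vulnerable variant `demo(False)` returns 200 exactly as in the lab; in the hardened variant the same request is redirected until `verify_mfa` has succeeded.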
What we’ve learned:
- 2FA simple bypass