Bypassing 2FA Misconfiguration

2FA MISCONFIGURATION Bypassing the Protections for fun and Profit By:
Tushar Verma

2FA is an extra layer of security used to make
sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. Two-Factor Authentication Workflow o Application authentication o Standard Login o OTP generation o OTP delivery

1-Register & Login to your account 2-Put any random incorrect
OTP code 3-Intercept the response with Burp-Suite and do response to this request 4-Copy old response which is valid generated by attacker account and paste it

1-Register & Login to your account 2-Put any random incorrect
OTP code 3-Intercept the response with Burp-Suite and do response to this request 4-If Status Code is 4xx,try to change it to 200 OK

1- Request an OTP and use it 2-Now try to
use the same OTP and if the OTP is accepted ,there is an issue Reference: https://hackerone.com/reports/67660 Case 4 – Use null or 000000 1- Request an OTP 2-Enter the code 000000 or leave it blank Reference: https://hackerone.com/reports/897385

1- Intercept the request 2-Brute force the 2FA code with
the help of intruder 3-Analyze the response Reference : https://hackerone.com/reports/128777

Attack Scenario: Using the company's OpenID system for authentication 1-Intercept
the login request and observe the openID flows 2-Try to play with acr_values to bypass 2FA.In this case,change otp+password to sms+password Reference: https://youst.in/posts/bypassing-2fa-using-openid-misconfiguration/

1-Login same account on two browser 2-On Browser A, activate
the 2FA 3-On Browser B, try to reload the webpage 4-The session will be active Case 8 - CSRF on 2FA Disabling 1- Sign up for two accounts. In which first are the attacker’s account and the second is victim’s 2-Log in to attacker’s account and capture the Disable 2FA request in Burp suite and generate CSRF POC 3-Save the CSRF POC file with extension .html 4-Now log in to Victim’s account in the Private Browser and fire that CSRF file. Now you can see that It disables 2FA which leads to 2FA Bypass

Bypassing 2FA Misconfiguration

Bypassing 2FA Misconfiguration

Tushar Verma

More Decks by Tushar Verma

Other Decks in Technology

Featured

Transcript

2FA MISCONFIGURATION Bypassing the Protections for fun and Profit By:

2FA is an extra layer of security used to make

1-Register & Login to your account 2-Put any random incorrect

1-Register & Login to your account 2-Put any random incorrect

1- Request an OTP and use it 2-Now try to

1- Intercept the request 2-Brute force the 2FA code with

Attack Scenario: Using the company's OpenID system for authentication 1-Intercept

1-Login same account on two browser 2-On Browser A, activate

13