2factor auth bypass

Поделиться
HTML-код
  • Опубликовано: 10 сен 2022
  • An attacker can perform an Authentication bypass...
    check it before comment this not a bug
    Note: Hi there,
    Thanks for the report. What you are showing is that the authentication cookies are not being expired on logout. This issue is considered out-of-scope as documented in our vulnerability disclosure policy as it is classified as a low severity vulnerability (P4 or P5) according to Bugcrowd’s Vulnerability Rating Taxonomy. As stated in our policy, we do not pay bounties for such issues.
    Best,
  • НаукаНаука

Комментарии • 26

  • @steiner254
    @steiner254 Год назад +26

    That's not a bug. You've copied even the userID.. That's a p5. Unless you demostrate where the application leaks respective user ID's.

    • @ravichander941
      @ravichander941 Год назад +1

      Also the userid is encrypted so we can't even brute force it

    • @steiner254
      @steiner254 Год назад +1

      @@ravichander941 mehn...

    • @naumanbackupstests746
      @naumanbackupstests746 Год назад +8

      He even paste the cookies that never expired

    • @steiner254
      @steiner254 Год назад +1

      @@naumanbackupstests746 😅aiseee

    • @bugbountypoc4096
      @bugbountypoc4096  Год назад +2

      I really agree with all of you and after the report I also thought about it but it was accepted as a p4.
      the company also told me in this same topic.. so, they considered as a session not expire...

  • @hossamshady1383
    @hossamshady1383 8 месяцев назад +2

    the question as triager where did you got the cookies of response , there is set-cookie response that can't be bypass 2fa and if so it would be p4 or p5

    • @bugbountypoc4096
      @bugbountypoc4096  8 месяцев назад

      Bro please check the description box. I have already mentioned

  • @hiddenstar3393
    @hiddenstar3393 Год назад +1

    Was that a 2fa bypass through a response manipulation ?

  • @edavidwaner2187
    @edavidwaner2187 4 месяца назад +1

    intresting ✌✌✌✌

  • @itsm3dud39
    @itsm3dud39 Год назад +1

    on which platform you find this program?

  • @Xpl0itme921
    @Xpl0itme921 Месяц назад

    This is not a bug nor 2fa bypass you just copy the cookies and paste it on the response.

    • @bugbountypoc4096
      @bugbountypoc4096  Месяц назад

      I agree. But session cookie must be expire after log out.

    • @Xpl0itme921
      @Xpl0itme921 Месяц назад

      @@bugbountypoc4096 please change the title it help to understand the poc for all

  • @c09yc47
    @c09yc47 Год назад +4

    This is not a bug bro

    • @bugbountypoc4096
      @bugbountypoc4096  Год назад +1

      2fa bypass using old session. That is also a part of a 2fa bypass. this report was considered as p4.

  • @satishpyata1795
    @satishpyata1795 Год назад +3

    That's not a bug.

    • @bugbountypoc4096
      @bugbountypoc4096  Год назад

      2fa bypass using old session. That is also a part of a 2fa bypass. check it on google

    • @tsumogi
      @tsumogi Год назад +2

      @@bugbountypoc4096 but that means the attacker would already have to have access to the account, making the 2fa bypass useless since the attacker is already in the account

  • @zzzzzzzzZzZZzzzaZzz
    @zzzzzzzzZzZZzzzaZzz Год назад +1

    where the bypass ?

    • @bugbountypoc4096
      @bugbountypoc4096  11 месяцев назад

      2fa bypass using the old cookie. why does this not bypass????

    • @zzzzzzzzZzZZzzzaZzz
      @zzzzzzzzZzZZzzzaZzz 11 месяцев назад +1

      @@bugbountypoc4096 Nice and how you got the old cookie ?

Следующие
Автовоспроизведение
5 Methods to bypass Authentication (OTP) | Bug-bounty POC | Live-Site | Practical included14:515 Methods to bypass Authentication (OTP) | Bug-bounty POC | Live-Site | Practical included
5 Methods to bypass Authentication (OTP) | Bug-bounty POC | Live-Site | Practical includedY0giSec
Просмотров 21 тыс.
How To Get Into Bug Bounty XSS Vulnerability NASA31:20How To Get Into Bug Bounty XSS Vulnerability NASA
How To Get Into Bug Bounty XSS Vulnerability NASACodePrefer
Просмотров 5 тыс.
How Hackers Bypass Two-Factor Authentication (2FA)?!9:20How Hackers Bypass Two-Factor Authentication (2FA)?!
How Hackers Bypass Two-Factor Authentication (2FA)?!Loi Liang Yang
Просмотров 106 тыс.
What We'll See at TOMORROW'S Nintendo Direct June 202407:35What We'll See at TOMORROW'S Nintendo Direct June 2024
What We'll See at TOMORROW'S Nintendo Direct June 2024Austin John Plays
Просмотров 102 тыс.
Celtics beat Mavs in Game 5 to win 2024 NBA Finals: Jaylen Brown named Finals MVP | NBA | UNDISPUTED25:52Celtics beat Mavs in Game 5 to win 2024 NBA Finals: Jaylen Brown named Finals MVP | NBA | UNDISPUTED
Celtics beat Mavs in Game 5 to win 2024 NBA Finals: Jaylen Brown named Finals MVP | NBA | UNDISPUTEDUNDISPUTED
Просмотров 471 тыс.
House of the Dragon Season 2 | Weeks Ahead Trailer | Max02:14House of the Dragon Season 2 | Weeks Ahead Trailer | Max
House of the Dragon Season 2 | Weeks Ahead Trailer | MaxMax
Просмотров 1,2 млн
Season 11: Super Mega Ultrawatch Official Trailer | Overwatch 203:05Season 11: Super Mega Ultrawatch Official Trailer | Overwatch 2
Season 11: Super Mega Ultrawatch Official Trailer | Overwatch 2PlayOverwatch
Просмотров 627 тыс.
Is this the best OSINT tool out there?!17:10Is this the best OSINT tool out there?!
Is this the best OSINT tool out there?!stuffy24
Просмотров 304 тыс.
JWT authentication bypass via flawed signature verification $60003:35JWT authentication bypass via flawed signature verification $6000
JWT authentication bypass via flawed signature verification $6000mahfujwhh
Просмотров 122
WANNACRY: The World's Largest Ransomware Attack (Documentary)29:52WANNACRY: The World's Largest Ransomware Attack (Documentary)
WANNACRY: The World's Largest Ransomware Attack (Documentary)The TWS Channel
Просмотров 551 тыс.
Kerberos Authentication Explained | A deep dive16:52Kerberos Authentication Explained | A deep dive
Kerberos Authentication Explained | A deep diveDestination Certification
Просмотров 327 тыс.
Updated Beginners Guide to API Bug Bounty30:05Updated Beginners Guide to API Bug Bounty
Updated Beginners Guide to API Bug BountyInsiderPhD
Просмотров 11 тыс.
Bounty $3000 http request smuggling in twitter.com of #POC | #Hack_The_Web5:46Bounty $3000 http request smuggling in twitter.com of #POC | #Hack_The_Web
Bounty $3000 http request smuggling in twitter.com of #POC | #Hack_The_WebEDUCATION HIVE
Просмотров 18 тыс.
How hackers Bypass Multi Factor Authentication | Evilginx 28:14How hackers Bypass Multi Factor Authentication | Evilginx 2
How hackers Bypass Multi Factor Authentication | Evilginx 2Cyberlinx Security
Просмотров 73 тыс.
2FA Bypass | How to Bypass OTP with Burp Suite| Fusion Labs | #bugbounty9:322FA Bypass | How to Bypass OTP with Burp Suite| Fusion Labs | #bugbounty
2FA Bypass | How to Bypass OTP with Burp Suite| Fusion Labs | #bugbountyFusion Labs
Просмотров 31 тыс.
Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 20234:12Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 2023
Web Cache Poisoning With Multiple Host Headers | Bug Bounty Program | Bug Bounty POC 2023Arfi Tutorials
Просмотров 3,6 тыс.
AI от Apple - ОБЪЯСНЯЕМ24:19AI от Apple - ОБЪЯСНЯЕМ
AI от Apple - ОБЪЯСНЯЕМDroider
Просмотров 126 тыс.
БОЛЬШОЙ и полный обзор iOS 18 для iPhone! 150+ нововведений! (beta 1)22:02БОЛЬШОЙ и полный обзор iOS 18 для iPhone! 150+ нововведений! (beta 1)
БОЛЬШОЙ и полный обзор iOS 18 для iPhone! 150+ нововведений! (beta 1)ProTech
Просмотров 175 тыс.
Gizli Apple Watch Özelliği😱00:14Gizli Apple Watch Özelliği😱
Gizli Apple Watch Özelliği😱Safak Novruz
Просмотров 2,3 млн
Windows - это кринж! #пк #игры #сборкапк #игровойпк #гейминг #pc #games #windows #macos #apple00:59Windows - это кринж! #пк #игры #сборкапк #игровойпк #гейминг #pc #games #windows #macos #apple
Windows - это кринж! #пк #игры #сборкапк #игровойпк #гейминг #pc #games #windows #macos #appleMaxxPC
Просмотров 1 млн
ЭТО КЛАВИАТУРА С ЭКРАНЧИКОМ | Royal Kludge RK-S9800:30ЭТО КЛАВИАТУРА С ЭКРАНЧИКОМ | Royal Kludge RK-S98
ЭТО КЛАВИАТУРА С ЭКРАНЧИКОМ | Royal Kludge RK-S98MALLOY
Просмотров 30 тыс.
How To Unlock Your iphone With Your Voice00:34How To Unlock Your iphone With Your Voice
How To Unlock Your iphone With Your Voice요루퐁 yorupong
Просмотров 24 млн
Корпус, которым можно делать что угодно! QUBE 500 и варианты кастомизации #пк #pc #комп #компьютер00:59Корпус, которым можно делать что угодно! QUBE 500 и варианты кастомизации #пк #pc #комп #компьютер
Корпус, которым можно делать что угодно! QUBE 500 и варианты кастомизации #пк #pc #комп #компьютерRoyal Computers
Просмотров 18 тыс.
КАК НЕ СОБРАТЬ ПОЛНЫЙ ХЛАМ? ПРАВИЛЬНЫЙ ПОДБОР КОМПЛЕКТУЮЩИХ ПК20:18КАК НЕ СОБРАТЬ ПОЛНЫЙ ХЛАМ? ПРАВИЛЬНЫЙ ПОДБОР КОМПЛЕКТУЮЩИХ ПК
КАК НЕ СОБРАТЬ ПОЛНЫЙ ХЛАМ? ПРАВИЛЬНЫЙ ПОДБОР КОМПЛЕКТУЮЩИХ ПКSerodji
Просмотров 51 тыс.