V2 - Authentication
2-Factor Authentication (2FA) Bypass
POC
- Submit invalid account credentials and a valid captcha on the login form.
- After the captcha is successfully validated, the authentication request is sent.
- Capture the request with a proxy. The captured request can be resubmitted multiple times, each time with different authentication data.
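An added example, not part of the original finding or the tested application's code: a minimal in-memory model of the behaviour in the steps above, next to a variant where each captcha pass is spent on its first use. `LoginService`, `solve_captcha`, `authenticate`, `replay` and the sample account are hypothetical names constructed for illustration.

```python
import hmac
import secrets

# Constructed sample account; the real application's user store is unknown.
USERS = {"alice": "correct horse"}


class LoginService:
    """Hypothetical login backend with a captcha gate in front of authentication."""

    def __init__(self, single_use: bool):
        self.single_use = single_use
        self.passed = set()  # captcha passes that have not been spent yet

    def solve_captcha(self) -> str:
        """Stands in for a successful captcha validation; returns a pass token."""
        token = secrets.token_urlsafe(16)
        self.passed.add(token)
        return token

    def authenticate(self, token: str, user: str, password: str) -> str:
        if token not in self.passed:
            return "captcha_required"
        if self.single_use:
            # Hardened: spend the pass before checking credentials, so every
            # further attempt (failed or successful) needs a fresh captcha.
            self.passed.discard(token)
        expected = USERS.get(user, "")
        match = hmac.compare_digest(expected.encode(), password.encode())
        return "ok" if user in USERS and match else "invalid_credentials"


def replay(service: LoginService, attempts: int) -> list:
    """Resubmit one captured request with different credentials each time."""
    token = service.solve_captcha()
    return [service.authenticate(token, "alice", f"guess-{i}")
            for i in range(attempts)]


if __name__ == "__main__":
    print("reusable pass:  ", replay(LoginService(single_use=False), 3))
    print("single-use pass:", replay(LoginService(single_use=True), 3))
```

With the reusable pass every resubmission reaches the credential check; with the single-use pass only the first one does.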
Impact
Low
Likelihood
Low