Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V2 - Authentication

2-Factor Authentication (2FA) Bypass

POC

  1. Submit invalid account credentials together with a valid captcha on the login form.
  2. Once the captcha is validated, the authentication request is sent.
  3. Capture that request with an intercepting proxy. It can be resubmitted multiple times, and with different credentials, without the captcha being checked again.
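The flaw in the flow above is that the captcha is validated as a separate step and the login endpoint only checks a "captcha passed" flag, so the captured authentication request stays valid for any number of resubmissions. The following toy model is an added example (not Cobalt's code or any real product's) that puts that weak pattern beside the corrected one, where each captcha solve issues a single-use token that is bound to one authentication attempt and consumed whether or not the credentials are right. All class and function names, and the sample user store, are constructed for this illustration.

```python
"""Added example: captcha validated once per session (replayable) versus a
single-use captcha token consumed by each authentication request.
All names and data here are assumptions, not from the original page."""
import secrets

# Constructed sample credential store for the demonstration.
USERS = {"alice": "correct-horse"}


class WeakLoginService:
    """Captcha is checked in a separate step and recorded as a session flag.
    The login endpoint trusts the flag and never clears it, so the same
    authentication request can be resubmitted with new credentials."""

    def __init__(self):
        self.sessions = {}  # session_id -> {"captcha_passed": bool, "attempts": int}

    def new_session(self):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"captcha_passed": False, "attempts": 0}
        return sid

    def validate_captcha(self, sid, answer, expected):
        if answer == expected:
            self.sessions[sid]["captcha_passed"] = True
            return True
        return False

    def login(self, sid, username, password):
        sess = self.sessions[sid]
        if not sess["captcha_passed"]:
            return "captcha_required"
        sess["attempts"] += 1  # flag stays set: every replay gets through
        return "ok" if USERS.get(username) == password else "invalid_credentials"

    def suspicious_sessions(self, threshold):
        """Detection view: sessions that sent more login attempts after one
        captcha solve than a human user plausibly would."""
        return sorted(s for s, v in self.sessions.items() if v["attempts"] > threshold)


class HardenedLoginService:
    """Each captcha solve yields a single-use token that must accompany the
    authentication request and is discarded when consumed, regardless of
    whether the credentials are valid.  A replayed request is rejected."""

    def __init__(self):
        self.tokens = set()

    def validate_captcha(self, answer, expected):
        if answer != expected:
            return None
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return token

    def login(self, captcha_token, username, password):
        if captcha_token not in self.tokens:
            return "captcha_required"
        self.tokens.discard(captcha_token)  # consume before checking credentials
        return "ok" if USERS.get(username) == password else "invalid_credentials"


def replay_attempts(service_kind, guesses):
    """Model the POC: solve the captcha once, then resubmit the authentication
    request with different passwords.  Returns the list of server responses."""
    results = []
    if service_kind == "weak":
        svc = WeakLoginService()
        sid = svc.new_session()
        svc.validate_captcha(sid, "7", "7")
        for pw in guesses:
            results.append(svc.login(sid, "alice", pw))
    else:
        svc = HardenedLoginService()
        token = svc.validate_captcha("7", "7")
        for pw in guesses:
            results.append(svc.login(token, "alice", pw))
    return results


if __name__ == "__main__":
    guesses = ["wrong1", "wrong2", "correct-horse"]
    print("weak:     ", replay_attempts("weak", guesses))
    print("hardened: ", replay_attempts("hardened", guesses))
```

Against the weak service every replay is processed and the third guess succeeds; against the hardened service the first attempt consumes the token and the replays are bounced back to the captcha. The `suspicious_sessions` helper shows the detection side: a session that keeps sending login attempts after a single captcha solve is exactly the pattern a replayed request produces.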

Impact

Low

Likelihood

Low