Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V2 - Authentication

Weak 2FA Implementation

POC

Observe that one of the following is possible for 2FA - 2FA Secret Cannot be Rotated - 2FA Secret Remains Obtainable After 2FA is Enabled - Missing Failsafe

Impact

Low

Likelihood

Low