2factor auth bypass
Рет қаралды 9,096
Жыл бұрынAn attacker can perform an Authentication bypass...
check it before comment this not a bug
Note: Hi there,
Thanks for the report. What you are showing is that the authentication cookies are not being expired on logout. This issue is considered out-of-scope as documented in our vulnerability disclosure policy as it is classified as a low severity vulnerability (P4 or P5) according to Bugcrowd’s Vulnerability Rating Taxonomy. As stated in our policy, we do not pay bounties for such issues.
Best,
@steiner254 Жыл бұрын
That's not a bug. You've copied even the userID.. That's a p5. Unless you demostrate where the application leaks respective user ID's.
@ravichander941 Жыл бұрын
Also the userid is encrypted so we can't even brute force it
@steiner254 Жыл бұрын
@@ravichander941 mehn...
@naumanbackupstests746 Жыл бұрын
He even paste the cookies that never expired
@steiner254 Жыл бұрын
@@naumanbackupstests746 😅aiseee
@bugbountypoc4096 Жыл бұрын
I really agree with all of you and after the report I also thought about it but it was accepted as a p4. the company also told me in this same topic.. so, they considered as a session not expire...
@hossamshady1383 8 ай бұрын
the question as triager where did you got the cookies of response , there is set-cookie response that can't be bypass 2fa and if so it would be p4 or p5
@bugbountypoc4096 8 ай бұрын
Bro please check the description box. I have already mentioned
@hiddenstar3393 Жыл бұрын
Was that a 2fa bypass through a response manipulation ?
@bugbountypoc4096 Жыл бұрын
yes
@edavidwaner2187 4 ай бұрын
intresting ✌✌✌✌
@itsm3dud39 Жыл бұрын
on which platform you find this program?
@bugbountypoc4096 Жыл бұрын
www.nuclino.com/vulnerability-disclosure-policy
@Xpl0itme921 Ай бұрын
This is not a bug nor 2fa bypass you just copy the cookies and paste it on the response.
@bugbountypoc4096 Ай бұрын
I agree. But session cookie must be expire after log out.
@Xpl0itme921 Ай бұрын
@@bugbountypoc4096 please change the title it help to understand the poc for all
@c09yc47 Жыл бұрын
This is not a bug bro
@bugbountypoc4096 Жыл бұрын
2fa bypass using old session. That is also a part of a 2fa bypass. this report was considered as p4.
@satishpyata1795 Жыл бұрын
That's not a bug.
@bugbountypoc4096 Жыл бұрын
2fa bypass using old session. That is also a part of a 2fa bypass. check it on google
@tsumogi Жыл бұрын
@@bugbountypoc4096 but that means the attacker would already have to have access to the account, making the 2fa bypass useless since the attacker is already in the account
@zzzzzzzzZzZZzzzaZzz Жыл бұрын
where the bypass ?
@bugbountypoc4096 11 ай бұрын
2fa bypass using the old cookie. why does this not bypass????
@zzzzzzzzZzZZzzzaZzz 11 ай бұрын
@@bugbountypoc4096 Nice and how you got the old cookie ?
Marusya Outdoors
Рет қаралды 68 МЛН
Commodore Cave
Рет қаралды 94
EDUCATION HIVE
Рет қаралды 18 М.
Sergey Tech
Рет қаралды 22 М.
Fusion Labs
Рет қаралды 31 М.
Immersed
Рет қаралды 2,4 МЛН