Two Factor Authentication Bypass [ $50 ]

Hi everyone. Today I want to share a bug bounty experience from a private program.

I was checking for vulnerabilities.

» NOTHING FOUND »

I thought, let's try again next time. Then I noticed a Two Factor Authentication ON/OFF setting in a strange JSON endpoint. I decided this could be vulnerable, so I tried to bypass it.

Two Factor Authentication needs a 5-digit OTP. I entered a 5-digit OTP that was not the real value. (I was trying to turn Two Factor Authentication ON.)

PUT /api/sts/v2/settings?client_request_id=b8e69342-2e33-4f53-b323-e9186c97e995 HTTP/1.1
Host: www.target.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://www.target.com/settings/account
Content-Type: application/json;charset=utf-8
Content-Length: 105
Connection: close

{"Settings":{"DataType":"Integer","DomainName":"services","ResourceName":"TwoFactor","SelectedValue":1},"VerificationDetails":{"VerificationId":"f2315d56-a523-42ea-9999-4de187ec5d07","VerificationCode":"12345"}}

Now I had this request. I simply forwarded it and looked at the response. I only got the message Invalid verification code in the response. I checked it out.

Wait!! I know this. Two Factor Authentication is based on SelectedValue (ON is 1 and OFF is 2). Why is the other part of the JSON (VerificationDetails) needed, when SelectedValue is included in Settings? Therefore I removed VerificationDetails from the JSON and then sent the request.

Hola!! I was able to turn Two Factor Authentication ON/OFF without verifying the OTP.
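A server-side pattern consistent with the behaviour described above, next to a fail-closed version, as an added example that is not from the original post or from the target's code. The handler names, the PENDING store and the sample OTP are assumptions; the JSON field names follow the request shown.

```python
import hmac

# Constructed sample state (assumption): pending OTP challenges by VerificationId.
PENDING = {"vid-constructed-1": "48213"}
SENSITIVE = {"TwoFactor"}  # settings that must never change without a verified OTP


def otp_ok(details):
    """True only for a known VerificationId paired with its matching code."""
    if not isinstance(details, dict):
        return False
    vid, code = details.get("VerificationId"), details.get("VerificationCode")
    if not isinstance(vid, str) or not isinstance(code, str):
        return False
    expected = PENDING.get(vid)
    return expected is not None and hmac.compare_digest(expected.encode(), code.encode())


def update_setting_vulnerable(account, body):
    """Flawed pattern: the OTP is checked only when the client chooses to send it."""
    details = body.get("VerificationDetails")
    if details is not None and not otp_ok(details):
        return 400, "Invalid verification code"
    s = body["Settings"]
    account[s["ResourceName"]] = s["SelectedValue"]  # reached when details is absent
    return 200, "OK"


def update_setting_hardened(account, body):
    """Fail closed: for a sensitive setting, a missing OTP is a failed OTP."""
    s = body.get("Settings") or {}
    name, value = s.get("ResourceName"), s.get("SelectedValue")
    if not isinstance(name, str):
        return 400, "Invalid setting"
    if name in SENSITIVE:
        if value not in (1, 2):  # the post states ON is 1 and OFF is 2
            return 400, "Invalid value"
        details = body.get("VerificationDetails")
        if not otp_ok(details):
            return 403, "Verification required"
        PENDING.pop(details["VerificationId"], None)  # single use, blocks replay
    account[name] = value
    return 200, "OK"
```

The fix is that the server, not the request shape, decides whether verification is required for a given setting.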

I reported it to the private program and got Informative.

Now it has been reopened and I got $50.

Sorry for my poor English.

I am noob. See you next bug.
