0
4/10
bug-bounty
A researcher bypassed two-factor authentication by removing the VerificationDetails JSON parameter from a settings API endpoint, allowing 2FA to be toggled on/off without providing a valid OTP code. The bypass relied on insufficient server-side validation of required fields.
two-factor-authentication-bypass
json-parameter-manipulation
authentication-bypass
api-security
input-validation
bragging-post
Aung Pyae Ko Ko
0
6/10
tutorial
Educational writeup demonstrating multiple 2FA bypass techniques including SMS OTP redirection via parameter manipulation, token reuse attacks, lack of rate limiting on OTP verification, and expired confirmation token exploitation. Includes case studies from HackerOne and bug bounty programs.
two-factor-authentication-bypass
otp-bypass
authentication-bypass
mobile-verification
account-takeover
api-security
parameter-manipulation
bug-bounty
rate-limiting
token-reuse
brute-force
Gaurav Narwani
HackerOne
Google
Facebook
Skype
Grab
login.gov