Post by Synack Red Team
2FA is supposed to be the safety net after a password fails. These two applications trusted the client to say whether it worked.

In his latest Exploits Explained post, Synack Red Team researcher Ozgur Alp walks through two real-world 2FA bypasses found via response tampering where the application validated OTP completion on the client side rather than the server. This left the door open for an attacker to simply tell it what it wanted to hear.

In the first case, the application returned an error when an invalid OTP code was entered. By intercepting that error response and changing it to look like a success, the 2FA step disappeared entirely.

In the second, replacing the full JSON response body of a failed OTP request with a success response was enough to advance the session.

Logic flaws like these don't announce themselves. They show up when a researcher slows down, compares valid and invalid responses side by side, and asks what the server is actually trusting.

Read the full post here: https://hubs.ly/Q04mw2Dg0

#SynackRedTeam #EthicalHacking #Pentesting #Cybersecurity