I found a way to bypass two factor authentication on login.gov which contains critical informations in it. This vulnerability occurs because of the misconfigurated token. The account creating process of login.gov is very interesting. You need to confirm your email first, instead of last. I realised that this might cause some security problems. And it…
BYPASS TWO FACTOR AUTHENTICATION VULNERABILITY ON LOGIN.GOV
Recent Posts
- Protected: REDACTED 20 November 2021
- [REDACTED] App – Insufficiently “Encrypted” Config Leads to Free InAppPurchase 23 March 2020
- Make IDOR great again! 5 December 2019