Is it possible to bypass two factor authentication?
#7
This is a very complex question. There are any number of ways that someone might be able to bypass 2fa.

Insider's approach was to assume you couldn't bypass the 2fa authentication - which is not necessarily the case. maybe the developer fucked up the form. maybe it's susceptible to sqli. maybe you could tell the database that you have authenticated even though you haven't. maybe the database is being run open to the internet, with weak credentials. 2fa only works when the system it's implemented on, is also secure. and thats often not the case. so instead of attacking the login, attack the system.

essentially your premise is flawed. the second authentication factor (ie authy/sms/whatever) is generally out of your control. you can't hack what you don't have. so you exploit the things that are in your control.
Reply


Messages In This Thread
RE: Is it possible to bypass two factor authentication? - by MuddyBucket - 04-21-2019, 12:26 AM

Possibly Related Threads…
Thread Author Replies Views Last Post
  Simple Trick to Bypass File Upload Problem abaykan 2 6,592 05-02-2018, 01:33 PM
Last Post: abaykan
  Bypass LFI filter with double encoding peanutbutter 1 8,371 12-12-2017, 06:46 AM
Last Post: blahblahblah
  Possible way to bypass Apache Mod_Security? oxid 1 7,398 08-05-2017, 09:27 PM
Last Post: lunorian
  Client side authentication in real world cyborgs.txt 5 6,645 10-03-2016, 08:01 PM
Last Post: enmafia2