How I bypassed 2FA of the Top Cryptocurrency Company
Introduction
This article is a write up on how I found a 2FA Bypass vulnerability at one of the Top Cryptocurrency Company, no matter your account is blocked or not this bypass works and you are into the account!!
What is Two-Factor Authentication (2FA)
Two-factor authentication (2FA) adds an extra layer of security to your online accounts by asking for verification code after you sign in with your email address and password.
The verification code is generated by an application on your smartphone. To gain access to your account a potential attacker would need your email address, your password, as well as your phone.
Vulnerability exploitation
So this time my target was a Cryptocurrency company, Sorry I can't disclose the name of the company as it was as Private Program !!
This was an Android Application so I started my Emulator installed the application and started hunting for bugs. After some time I came across “Pin Code” which was asked every time when a user tries to log in to the account !!
I opened my burpsuite and started looking for the response after successfully validating the Pin Code.
- When a user login with correct…
