How I bypassed 2FA of the Top Cryptocurrency Company

Introduction

This article is a write-up of how I found a 2FA bypass vulnerability at one of the top cryptocurrency companies. Whether your account is blocked or not, this bypass works and you are into the account!!


What is Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) adds an extra layer of security to your online accounts by asking for a verification code after you sign in with your email address and password.

The verification code is generated by an application on your smartphone. To gain access to your account, a potential attacker would need your email address, your password and your phone.

Vulnerability exploitation

So this time my target was a cryptocurrency company. Sorry, I can't disclose the name of the company as it was a private program!!

This was an Android application, so I started my emulator, installed the application and started hunting for bugs. After some time I came across a "Pin Code" which was asked for every time a user tried to log in to the account!!

I opened my Burp Suite and started looking at the response returned after the Pin Code was validated.

1. When a user logs in with the correct Pin Code, the following response was returned:

HTTP/1.1 202 Accepted

{"status":1,"valid":true,"message":"success"}

2. When a user logs in with an incorrect Pin Code, the following response was returned:

HTTP/1.1 401 Unauthorized

{"status":0,"valid":false,"message":"You have been blocked due to many attempts"}

As I had tried multiple times, my account was blocked, but I was still able to bypass the functionality!!

As you can see above, when you try with an incorrect Pin Code the response contains

"status":0

"valid":false

What I did here was just change those to

"status":1

"valid":true

As soon as I changed the response to 1 and true, the request was accepted, and even though my account was blocked and the Pin Code was incorrect, I was able to log in to my account.
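The root cause here is that the app decided it was "logged in" from a flag in the response body, which anyone sitting between app and server can rewrite. The fix belongs on the server: access must depend on something the server issues and later checks (a session token tied to a successful PIN check), never on status/valid as read by the client. The Python below is an added example, not the vendor's code or code from the original post; the AuthServer class, the MAX_ATTEMPTS lockout, the account "alice" with PIN 4821 and the balance figure are all constructed. It reproduces the weak client pattern from the write-up, applies the same response rewrite an intercepting proxy would, and shows that the rewrite gives nothing once the protected endpoint asks the server instead of the body.

```python
"""Server-side PIN verification where the client's access decision cannot be
forged by editing the HTTP response (added example, not the vendor's code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MAX_ATTEMPTS = 5  # constructed lockout threshold, not the vendor's value

BLOCKED = {"status": 0, "valid": False,
           "message": "You have been blocked due to many attempts"}
INVALID = {"status": 0, "valid": False, "message": "invalid pin"}


def hash_pin(pin: str, salt: bytes) -> bytes:
    # PBKDF2 so a leaked table does not hand out PINs directly
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pin_hash: bytes
    failed_attempts: int = 0
    blocked: bool = False


class AuthServer:
    """Hypothetical backend: the only thing that grants access is a
    server-issued session token that the server itself remembers."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, str] = {}  # token -> username

    def register(self, user: str, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[user] = Account(salt, hash_pin(pin, salt))

    def verify_pin(self, user: str, pin: str) -> Tuple[int, dict]:
        acct = self.accounts[user]
        if acct.blocked:
            return 401, dict(BLOCKED)
        if hmac.compare_digest(hash_pin(pin, acct.salt), acct.pin_hash):
            acct.failed_attempts = 0
            token = secrets.token_urlsafe(32)
            self.sessions[token] = user  # session exists only on success
            return 202, {"status": 1, "valid": True, "message": "success",
                         "token": token}
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_ATTEMPTS:
            acct.blocked = True
            return 401, dict(BLOCKED)
        return 401, dict(INVALID)

    def get_balance(self, token: Optional[str]) -> Tuple[int, dict]:
        # Protected resource: authorization is decided here, never from a
        # flag the client read out of an earlier response.
        user = self.sessions.get(token) if token else None
        if user is None:
            return 401, {"error": "unauthorized"}
        return 200, {"user": user, "balance": "42.0"}  # constructed value


def tamper(status: int, body: dict) -> Tuple[int, dict]:
    """The proxy edit from the write-up: rewrite the failure response into
    the success shape. It cannot add a token the server never issued."""
    return 202, {**body, "status": 1, "valid": True, "message": "success"}


def vulnerable_client_login(status: int, body: dict) -> bool:
    """Weak pattern: the app unlocks its UI because the body says valid=true."""
    return status == 202 and body.get("valid") is True


def hardened_client_flow(server: AuthServer, status: int, body: dict) -> int:
    """Hardened pattern: status/valid are ignored for authorization; the app
    forwards whatever token it got and the protected endpoint decides."""
    code, _ = server.get_balance(body.get("token"))
    return code


def demo() -> dict:
    server = AuthServer()
    server.register("alice", "4821")  # constructed account and PIN
    wrong = server.verify_pin("alice", "0000")
    forged = tamper(*wrong)
    right = server.verify_pin("alice", "4821")
    return {
        "vuln_accepts_forged": vulnerable_client_login(*forged),
        "hardened_forged": hardened_client_flow(server, *forged),
        "hardened_genuine": hardened_client_flow(server, *right),
    }


if __name__ == "__main__":
    print(demo())
```

The lockout also lives on the server, so once the account is blocked the server refuses even a correct PIN and hands out no token; rewriting the response to status 1 and valid true only changes what the client believes, not what the server will serve.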


So I wrote a nice report and submitted it to them, and I was acknowledged and rewarded with $$$.

Happy to Secure and one more added to the list :) !!

If you need any help or want to connect, you can reach me via LinkedIn at https://in.linkedin.com/in/ashish-dhone-640489135

I hope it will help you with your bug hunting !!

Thanks for Reading !!

./Keep_Hacking

Information Security Analyst at Persistent Systems | Synack Red Team Member | CEH v10 | CEH Master | Bug Bounty Hunter
