2FA simple bypass

Description

This lab’s two-factor authentication can be bypassed. You have already obtained a valid username and password (wiener:peter and carlos:montoya), but do not have access to the user’s 2FA verification code.

Reproduction and proof of concept

  1. Log in to your own account wiener:peter. Your 2FA verification code will be sent to you by email. Click the Email client button to access your emails.

  2. Go to your account page and make a note of the URL.

https://0ae300ee036172afc23f703800b90085.web-security-academy.net/my-account?id=wiener

  1. Log out of your account.

  2. Log in using the victim’s credentials carlos:montoya.

  3. When prompted for the verification code, manually change the URL to navigate to /my-account. The lab is solved when the page loads.

https://0ae300ee036172afc23f703800b90085.web-security-academy.net/my-account?id=carlos

Exploitability

An attacker will need to access Carlos’s account page.