2FA bypass by sending blank code, (Gives 1000$ bounty)

ShuttlerTech
2 min read · Feb 14, 2023


This indicates a missing null check on the code the user submits. Simply put, the 2FA step during login can be bypassed by sending a blank code. The likely cause is that the comparison between the entered code and the real code does not handle an absent value correctly. A pre-validation step (for example a null or empty check) before the codes are compared would fix the problem.

Let’s jump straight into the vulnerability without wasting time.

Details about the platform (due to confidentiality I have to write Evil.com):

— Affected URL or select Asset from In-Scope: Evil.com 2FA
— Affected Parameter: code
— Vulnerability Type: Improper Authentication
— Browsers tested: Browser independent

Bypassing Steps:

(Details on how to reproduce the issue)

  1. Access evil.com and go to https://www.evil.com/member/account/securitySettings input.htm.
  2. Turn on 2FA.
  3. Log off.
  4. Log in again and notice that an OTP is required.
  5. Using Burp Suite, intercept the POST request by sending an invalid code. [Do not forward the request]
  6. Modify the request, remove the code, and then forward the request to the server.
  7. Disable Intercept and verify that your login request was successful.
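To make the failure concrete, here is an added Python model of the verification step (not Evil.com’s code; the handler, form and session names are assumptions). The vulnerable handler only compares when the `code` parameter is present, so a request with the parameter removed, as in step 6, falls through to success; the fixed handler pre-validates before comparing.

```python
import hmac
from typing import Callable, Optional

# Constructed model of the 2FA verification step described in the post.
# Not the platform's real code: function and parameter names are assumed.

OTP_LENGTH = 6


def verify_otp_vulnerable(submitted: Optional[str], expected: Optional[str]) -> bool:
    """Vulnerable: only compares when a code was actually supplied.

    When the `code` parameter is removed from the POST body, `submitted`
    is None, the comparison is skipped, and the function returns True.
    """
    if submitted is not None and submitted != expected:
        return False
    return True


def verify_otp_fixed(submitted: Optional[str], expected: Optional[str]) -> bool:
    """Fixed: pre-validate, then compare in constant time.

    - reject a missing or blank submission outright
    - reject if no code was ever issued for this session
    - reject anything that is not OTP_LENGTH digits
    - use hmac.compare_digest so timing does not leak matching prefixes
    """
    if not submitted or not expected:
        return False
    if len(submitted) != OTP_LENGTH or not submitted.isdigit():
        return False
    return hmac.compare_digest(submitted, expected)


def handle_2fa_post(form: dict, session: dict,
                    verify: Callable[[Optional[str], Optional[str]], bool]) -> bool:
    """Models the POST handler: the second factor is checked only after
    the password step has already succeeded (session["password_ok"]).

    `form` is the parsed POST body; a removed parameter is simply absent,
    which is why form.get("code") yields None rather than "".
    """
    if not session.get("password_ok"):
        return False
    return verify(form.get("code"), session.get("issued_otp"))


# Constructed session for a user who passed the password step and was
# issued the code 123456; the attacker's request omits the parameter.
SESSION = {"password_ok": True, "issued_otp": "123456"}
BLANK_REQUEST: dict = {}
```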

Impact

Bypass of 2FA protection: an attacker could gain access to the account despite the victim having 2FA enabled.

Thank you for reading.
I always try to provide useful, to-the-point material. If you like what I write, press the Clap icon and follow me to encourage me. Subscribe to me on YouTube for upcoming live attack POCs and bug bounty tips.

Written by ShuttlerTech

Senior Cyber Security Analyst| YouTuber| Freelancer| Cyber Security Trainer | Penetration Tester| Cyber Forensics Investigator
