2-factor authentication bypass
A
Algolia
Submitted None
Team Summary
Official summary from Algolia
Bad 2FA activation flow has been discovered that could lead to user, which would not read the onscreen instructions, thinking the 2FA has been activated before it really did.
Actions:
Reported by
malcolmx
Vulnerability Details
Technical details and impact analysis
Hello aligola team,
there are 2-factor authentication bypass while login
Steps=>
1.made 2-factor authentication in your account
2.login to your account
3.you will see that your account is already opened without do 2-factor authentication
POC video attached
Thanks
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic