Bypass two-factor authentication
Low
C
Cloudflare Public Bug Bounty
Submitted None
Team Summary
Official summary from Cloudflare Public Bug Bounty
Due to lack of validation, a malicious actor could brute force OTP 2fa and guess a correct number after multiple failures. The issue was fixed by the Engineering team by implementing restrictions on 2FA attempts.
Actions:
Reported by
ydvanjali
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Submitted
Weakness
Improper Authentication - Generic