Vulnerability Summary
After an initial 2FA bypass vulnerability was “fixed” by removing the isVerifyAuth cookie from local storage, the application still trusted this value if it existed.
Upon successful login with valid credentials, users are redirected to the OTP verification page at:
example.com/customer/verify-otp
During my initial inspection using DevTools, I verified the presence of the isVerifyAuth cookie, which was previously set to false. The company had removed this cookie from local storage as part of their security patch, resulting in its absence by default.
However, the application still accepted the cookie if it was manually reintroduced.
hackerone-reportsHackerOne disclosed report --> https://hackerone.com/reports/3370430 by hossam25
hidalg0dWhat started as a simple JavaScript analysis ended in a broken OAuth flow that allowed unauthenticated access to protected APIs — and a €1500 bug bounty reward.
hackerone-reportsHackerOne disclosed report --> https://hackerone.com/reports/2380133 by hakuna
No comments yet.
Be the first to share your thoughts
Log in to join the discussion.
Sign In