15. Authentication Bypass Revision

The document discusses various methods of authentication bypass, including OTP and captcha bypass, and provides examples of real-world applications where these vulnerabilities were exploited. It highlights the severity of such vulnerabilities, particularly the risk of account takeover, and emphasizes the importance of server-side verification and strong authentication methods. Additionally, it outlines potential business impacts, such as unauthorized access to user data and loss of personally identifiable information (PII).

Uploaded by

Aftab Shaikh

Authentication Bypass

======================

How does the Authentication Bypass work?
----------------------------------------

Authentication bypass takes place when the web application decides whether an
OTP, captcha or 2FA step succeeded on the client side only, that is, on the basis
of a value in a request or response that the user controls. The attacker
intercepts the traffic with a proxy and modifies that value (a status flag, an
id, a success message), and the server accepts the edited result without
re-checking it against anything it holds itself.

Different Methods of Authentication Bypass we learnt:
-----------------------------------------------------
- OTP Bypass
- Captcha Bypass
- Response/parameter manipulation: flipping true/false or 0/1 status conditions

Live Authentication Bypass methods which we saw:
------------------------------------------------
1. Healthie:

Changed status from 0 to 1 in the OTP verification response.

2. BMW India:

Changed "error" to "success" in the response.

3. 99 Acres:

Changed the parameter "verifivationStatus" from false to true.

4. Star Quik:

Some websites contain a logic flaw where a default or test OTP such as 0000 is
accepted for every account, because the developer did not restrict verification
to the OTP that was actually issued.

5. Stylecracker:

Some websites return no meaningful error when the OTP is incorrect. By trial and
error we found that replacing the response with a positive value (1 in this
example, or true, or a 200 status code) makes the application proceed as if the
OTP had been accepted.
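The flaws in examples 1 to 5 (and the captcha case below) all come down to the
server never re-checking the outcome of verification itself. The following
Python is an added illustration of that, not code from the course or from any of
the named sites: the HTTP layer is left out, each endpoint is a plain function
taking the request values, and the attacker is modelled as a client that
rewrites values in flight, which is what an intercepting proxy does. The OTP
lifetime, attempt budget and the last_sms test hook are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed OTP lifetime
MAX_ATTEMPTS = 5        # assumed per-OTP guess budget


def _new_otp():
    return f"{secrets.randbelow(10 ** 6):06d}"


class VulnerableServer:
    """Trusts the client: echoes the OTP in the response, honours a 0000 master
    code, and lets the client assert the verification outcome at login."""

    def __init__(self):
        self.otps = {}          # phone -> otp

    def send_otp(self, phone):
        otp = _new_otp()
        self.otps[phone] = otp
        self.last_sms = (phone, otp)            # constructed stand-in for the SMS gateway
        return {"status": "success", "otp": otp}  # OTP leaked in the response

    def verify_otp(self, phone, otp):
        if otp == "0000" or otp == self.otps.get(phone):   # master code left in
            return {"status": 1}
        return {"status": 0}

    def login(self, phone, status):
        # The client forwards whatever status it saw, or whatever was edited
        # into the response: the 0 -> 1 / "error" -> "success" / false -> true class.
        if status in (1, "1", True, "true", "success"):
            return {"session": f"sess-{phone}"}
        return {"error": "not verified"}


class HardenedServer:
    """Keeps the OTP and the verification result server-side; the login step
    consults its own record and ignores anything the client claims."""

    def __init__(self, now=time.time):
        self.now = now
        self.pending = {}       # phone -> {"otp", "expires", "attempts"}
        self.verified = set()   # phones that passed verify_otp

    def send_otp(self, phone):
        otp = _new_otp()
        self.pending[phone] = {"otp": otp,
                               "expires": self.now() + OTP_TTL_SECONDS,
                               "attempts": 0}
        self.last_sms = (phone, otp)            # constructed stand-in for the SMS gateway
        return {"status": "sent"}               # the OTP never appears in the response

    def verify_otp(self, phone, otp):
        rec = self.pending.get(phone)
        if rec is None or self.now() > rec["expires"]:
            return {"status": "error"}
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:      # guess budget exhausted: discard the OTP
            del self.pending[phone]
            return {"status": "error"}
        # No master code: constant-time compare against the issued value only.
        if not hmac.compare_digest(otp.encode(), rec["otp"].encode()):
            return {"status": "error"}
        del self.pending[phone]
        self.verified.add(phone)                # the authoritative record
        return {"status": "ok"}                 # informational only

    def login(self, phone, status):
        # `status` is ignored. Only the server-side record counts, and it is
        # consumed so one verification cannot mint unlimited sessions.
        if phone in self.verified:
            self.verified.discard(phone)
            return {"session": f"sess-{phone}"}
        return {"error": "not verified"}


def tampering_attack(server, phone):
    """Attacker never learns the OTP: submits a wrong code, rewrites the verify
    response to a positive value and forwards that to login (examples 1-3, 5)."""
    server.send_otp(phone)
    resp = server.verify_otp(phone, "99999999")   # 8 digits: never a valid 6-digit OTP
    resp["status"] = 1 if isinstance(resp["status"], int) else "success"
    return "session" in server.login(phone, resp["status"])


def master_code_attack(server, phone):
    """Example 4: the 0000 default code."""
    server.send_otp(phone)
    resp = server.verify_otp(phone, "0000")
    return "session" in server.login(phone, resp["status"])


def legitimate_login(server, phone):
    """The real user reads the OTP from the SMS and enters it."""
    server.send_otp(phone)
    resp = server.verify_otp(phone, server.last_sms[1])
    return "session" in server.login(phone, resp["status"])


def lockout_holds(server, phone):
    """After MAX_ATTEMPTS wrong guesses even the right OTP must be refused."""
    server.send_otp(phone)
    for _ in range(MAX_ATTEMPTS):
        server.verify_otp(phone, "99999999")
    resp = server.verify_otp(phone, server.last_sms[1])
    return "session" not in server.login(phone, resp["status"])
```

Run the two attacks against both servers: they succeed only against
VulnerableServer, while legitimate_login succeeds against both, which is the
property a fix has to preserve. The point of HardenedServer.login taking a
status argument at all is to show that a hardened endpoint can receive the
client's claim and still disregard it.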

Live Captcha Bypass:
--------------------
Here we understood that a captcha which is validated only on the client side and
not on the server side can be bypassed by changing the verification response to
a positive value, exactly as with the OTP responses above.

Live Authentication Bypass to Account Takeover:
-----------------------------------------------
1. WforWoman:

Here we logged in using the right OTP for our own number, intercepted the
response and changed the "id" parameter to another user's value, so that we
were logged in to someone else's account with our own, correct OTP.

2. Misrii:

Here again we entered the right OTP, and to log in to another user's account we
changed the value of the "user_id" parameter. In both cases the server took the
account identity from a client-editable parameter instead of from the number
the OTP had been verified for.

Authentication Bypass due to OTP Exposure:
------------------------------------------
Sometimes web applications include the OTP sent to the victim in the response
to the "send OTP" request itself. An attacker who requests an OTP for the
victim's number can read it from the response and log in on the victim's
behalf. Two such websites which we saw were Tokree and Bank Website.

Authentication Bypass of 2FA
----------------------------
Here, after logging out, we changed the "mfa_enabled" parameter from 1 to 0 in
the intercepted traffic. The application disabled 2FA on the basis of that
client-supplied flag, so the attacker never had to complete the second factor.
Such attacks hurt users the most precisely when they rely heavily on 2FA to
protect their account.
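The WforWoman/Misrii account takeovers and the mfa_enabled bypass share one root
cause: the server reads who the user is, and whether 2FA applies, from the
request rather than from its own records. The following Python is an added
illustration of the flawed handler beside a fixed one; it is not code from the
course or from any of the named sites. It assumes that the OTP step has already
written the verified phone number into a server-side session (the record a
hardened /verify-otp would keep), and the user table below is constructed
sample data.

```python
# Constructed sample user table, keyed by the phone number the OTP goes to.
USERS = {
    "+911111111111": {"id": 1001, "name": "victim", "mfa_enabled": True},
    "+912222222222": {"id": 1002, "name": "attacker", "mfa_enabled": False},
}


def vulnerable_complete_login(session, request):
    """Account identity and the 2FA policy are taken from the request body."""
    if not session.get("otp_verified_phone"):
        return {"error": "otp required"}
    user_id = int(request["id"])                           # editable: "id" / "user_id"
    mfa_enabled = bool(int(request.get("mfa_enabled", 1)))  # editable: the 2FA flag
    if mfa_enabled:
        return {"next": "mfa", "id": user_id}
    return {"session_user": user_id}


def hardened_complete_login(session, request):
    """Identity and policy come from server records keyed by the verified phone;
    the request body is not consulted for either."""
    phone = session.get("otp_verified_phone")
    if not phone:
        return {"error": "otp required"}
    user = USERS.get(phone)
    if user is None:
        return {"error": "unknown user"}
    if user["mfa_enabled"]:
        return {"next": "mfa", "id": user["id"]}
    return {"session_user": user["id"]}


def attacker_takeover(handler):
    """Attacker passes the OTP check for their own number, then edits the
    follow-up request: victim's id, and 2FA switched off."""
    session = {"otp_verified_phone": "+912222222222"}   # attacker's own verified phone
    tampered = {"id": 1001, "mfa_enabled": 0}
    return handler(session, tampered)


def victim_login(handler):
    """The victim's own, unmodified request after a correct OTP."""
    session = {"otp_verified_phone": "+911111111111"}
    return handler(session, {"id": 1001, "mfa_enabled": 1})
```

Against vulnerable_complete_login the tampered request yields a session for user
1001 with no second factor; against hardened_complete_login the same request can
only ever produce a session for the attacker's own account, and the victim is
still routed to the MFA step because that policy lives in the user record.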

Authentication Bypass Mitigations:
----------------------------------
- Do not rely on client-side verification. The server must check the OTP,
  captcha and 2FA result itself, keep that result server-side, and ignore any
  status flag the client sends back.
- Take the account identity from the server-side session (the number or user the
  OTP was verified for), never from an "id" or "user_id" parameter in the request.
- Never include the OTP in a response, do not accept default codes such as 0000,
  and limit the number of OTP attempts.
- Where a verification result has to travel through the client, use a
  server-signed token (for example a JWT whose signature and expiry are verified
  on every request) rather than an editable flag. Encryption on its own does not
  stop tampering, and SHA-1 is a hash function, not an encryption algorithm, and
  is deprecated for security use; an HMAC with SHA-256 or a stronger signature is
  what gives a token integrity.
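An added example of the signed-token mitigation, written for these notes rather
than taken from the course: a compact token in the JWT HS256 layout
(base64url header, base64url payload, base64url HMAC-SHA-256 over
"header.payload"), built with the Python standard library only. It is not a full
JWT library; the secret key, the claim names and the 15-minute lifetime are
assumptions. The tamper() helper plays the attacker editing a claim in a proxy.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed server secret; in practice load it from a secret store, never ship it to the client.
KEY = b"server-side-secret-never-sent-to-client"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def issue_token(claims, key=KEY, ttl=900, now=time.time):
    """Server side: sign the claims (e.g. sub, mfa) so the client cannot edit them."""
    header = {"alg": "HS256", "typ": "JWT"}
    body = dict(claims, exp=int(now()) + ttl)
    signing_input = f"{_b64url(_json(header))}.{_b64url(_json(body))}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token, key=KEY, now=time.time):
    """Returns the claims if algorithm, signature and expiry all check out, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64url(h))
        if header.get("alg") != "HS256":     # rejects "none" and algorithm confusion
            return None
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(s)):
            return None
        claims = json.loads(_unb64url(p))
    except ValueError:                      # malformed base64 or JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) < now():
        return None
    return claims


def tamper(token, **changes):
    """Attacker edits claims in the payload (id, mfa flag) without the key."""
    h, p, s = token.split(".")
    claims = json.loads(_unb64url(p))
    claims.update(changes)
    return f"{h}.{_b64url(_json(claims))}.{s}"


def alg_none_forgery(claims):
    """Attacker forges an unsigned token with alg=none, which must be refused."""
    return f"{_b64url(_json({'alg': 'none', 'typ': 'JWT'}))}.{_b64url(_json(claims))}."
```

A client-side edit of sub or mfa in the payload breaks the signature, an
alg=none token is refused before the signature is even checked, and an expired
token is refused after it. Compare this with the mfa_enabled=0 and id edits
above, which succeeded because nothing bound those values to the server.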

Severity of Authentication Bypass:
----------------------------------
This is a vulnerability of the highest severity, because a full account takeover
can be done without knowing the victim's password or OTP.

Impact on Business due to Authentication Bypass:
------------------------------------------------
- Any attacker can see other users' details
- Loss of PII

Best wishes,
Rohit Gautam & Shifa Cyclewala
