2FA simple bypass


This lab’s two-factor authentication can be bypassed. You have already obtained a valid username and password (wiener:peter and carlos:montoya), but do not have access to the user’s 2FA verification code.

Reproduction and proof of concept

  1. Log in to your own account wiener:peter. Your 2FA verification code will be sent to you by email. Click the Email client button to access your emails.

  2. Go to your account page and make a note of the URL.

  1. Log out of your account.

  2. Log in using the victim’s credentials carlos:montoya.

  3. When prompted for the verification code, manually change the URL to navigate to /my-account. The lab is solved when the page loads.



An attacker will need to access Carlos’s account page.