Original Post: How I Bypass 2FA while Resetting Password
This vulnerability was analyzed during Episode 141 on 02 May 2022
Probably as easy of a 2FA bypass as I've seen. Effectively, if the account had 2FA, the second stage of the password reset form would submit to /reset2fa, and if there was no 2FA registered for the account, it would submit to /reset. So the attack was just to modify the submission to point to /reset instead of /reset2fa, and it wouldn't prompt for the 2FA token.
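
The root cause is that the 2FA requirement was derived from the endpoint the client chose rather than from the account's state on the server. The sketch below is an added example, not code from the original post or the affected application: it models the flawed handler next to a corrected one. The account store, reset tokens, OTP value and function names are all constructed for illustration.

```python
import hmac

# Constructed sample data: one account with 2FA enrolled, one without.
ACCOUNTS = {
    "alice": {"password": "old", "otp": "492817"},  # 2FA enabled
    "bob": {"password": "old", "otp": None},        # no 2FA
}
RESET_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}  # emailed reset tokens


def otp_ok(account, otp):
    # Stand-in for a real TOTP check: constant-time compare against a fixed code.
    return otp is not None and hmac.compare_digest(account["otp"], otp)


def reset_vulnerable(path, token, new_password, otp=None):
    """The flaw as described: the 2FA check exists only on /reset2fa."""
    account = ACCOUNTS.get(RESET_TOKENS.get(token))
    if account is None:
        return 403
    if path == "/reset2fa" and not otp_ok(account, otp):
        return 403
    account["password"] = new_password  # /reset never consults the 2FA state
    return 200


def reset_hardened(path, token, new_password, otp=None):
    """The 2FA requirement comes from the account record, not the request path."""
    account = ACCOUNTS.get(RESET_TOKENS.get(token))
    if account is None:
        return 403
    if account["otp"] is not None and not otp_ok(account, otp):
        return 403  # enforced on every reset route
    account["password"] = new_password
    return 200
```

A regression test for this class of bug submits the final reset step for a 2FA-enrolled account to every reset route without a token and expects a rejection each time.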