Easiest Authentication Bypass Ever !!!

September 4th, 2015

I was given a re-evaluation pen test for a bank's Android/iOS application.
It took me hardly an hour to replicate the tests for the previous vulnerabilities. When I was done with my work, I still had time left before sending my report to the client. So I started looking through my Burp Suite history, and suddenly I noticed an HTTP response which was carrying a verification code parameter...

I was shocked, as the code was the same as the OTP that I had requested earlier that hour to log in to my account. A million questions came to my mind, such as how? why? etc. One thing was clear: the application's authentication via OTP was going on at the client side.





I had a thought: if the OTP and verification codes are present in the HTTP response, I can easily bypass the authentication, plus I can change the password for any account I like. All I needed was the victim's username, email or mobile number.

So, here goes the PoC showing how a client-side OTP check is dangerous for users:

1. I started the login with the victim's mobile number, and the user's mobile number was checked correctly.

2. Then I was taken to the Enter Password / Forgot Password activity, so I attached Burp Suite for HTTP request interception.

3. I clicked on Forgot Password and a request was generated. I forwarded the request and intercepted the response to that request. The response I received contained the verification code.

4. So, I got the verification code, and I was redirected to the Verification activity.

5. I put the OTP in the form and pressed OK. I then successfully entered the Change Password activity.




Thanks.....



-Raghav Bisht
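
The fix for the flaw described above is to keep the code and its comparison on the server. The sketch below is an added example, not the bank application's code: it puts the leaking response pattern beside a hardened flow, and every function name, field name, the `send_sms` callback and the TTL and attempt limits are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300        # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5     # wrong guesses allowed before the code is burned (assumed)
_pending = {}        # account -> {"digest", "salt", "expires", "tries"}

def _digest(salt, code):
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()

def forgot_password_vulnerable(account):
    """Pattern from the post: the code is returned to whoever asked for it."""
    code = f"{secrets.randbelow(10**6):06d}"
    return {"status": "sent", "verification_code": code}

def forgot_password(account, send_sms, now=time.time):
    """Hardened: the code leaves only out-of-band; the response has no secret."""
    code = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    _pending[account] = {"digest": _digest(salt, code), "salt": salt,
                         "expires": now() + OTP_TTL, "tries": 0}
    send_sms(account, code)          # hypothetical delivery callback
    return {"status": "sent"}

def verify_otp(account, submitted, now=time.time):
    """Server-side comparison; returns a reset token only on success."""
    entry = _pending.get(account)
    if entry is None or now() > entry["expires"]:
        _pending.pop(account, None)
        return None
    entry["tries"] += 1
    ok = hmac.compare_digest(entry["digest"], _digest(entry["salt"], submitted))
    if ok or entry["tries"] >= MAX_ATTEMPTS:
        del _pending[account]        # single use; burned after too many misses
    return secrets.token_urlsafe(32) if ok else None

def leaks_code(response, code):
    """Regression check: does any response field contain the OTP?"""
    return any(code in str(value) for value in response.values())
```

The change-password endpoint should accept only the reset token returned by `verify_otp`, so reaching that screen in the client proves nothing by itself. A check like `leaks_code` can run in API tests against every response in the login and reset flows.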
 
 

