Authentication

Bugs showcase #1: Chaining a lack of values correlation, linear growth of attempts, and other omissions in OTP implementations to achieve 2 ATOs

This post describes two account takeover vulnerabilities w/o user interaction resulting from multiple omissions in the OTP implementations.

January 19, 2023 · 10 min · 2001 words

Multi-factor authentication security testing and possible bypasses

This post contains 11 methods of MFA bypassing

January 9, 2020 · 16 min · 3365 words