2FA Bypass due to unauthorized 2FA disabling via X/CSRF

Ahmed Rabeaa Mosaa (SadC0d3r)

2 min readJun 3, 2022

Product Info

Vendor: Marval Software Ltd.
Product: Marval MSM
Version: v14.19.0.12476
Vulnerability: 2FA Bypass

Hi guys hope doing well

In this article i will share scenario faced me in penetration testing engagement how i bypassed 2FA

So let’s start

What is the 2FA?
The 2FA (two factor authentication) bypass is a misconfiguration allows the attacker to bypass the validation workflow of the 2FA which will lead to to getting unauthorized access to the user’s account. This application is vulnerable to X/CSRF (Cross-site request forgery), CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. The action can be performed by exploiting this vulnerability in our case here is disabling the 2FA, this means if the attacker have the user’s credentials he can access the account without interacting with the 2FA as well.

In first h have 2 account with the same privilege

During the test i found the app have csrf token for editing profile info only but didn’t send CSRF token when you want disable 2FA

Ok, the scenario is if attacker get the username/password by any way for any account and the account owner has Enabled 2FA
the attacker can easily force the user to disable 2FA with out his know and use the credential you have to access the account

PoC

<html>

After send the exploit code to the victim the 2FA will be disable and i can bypass it

2FA Bypass due to unauthorized 2FA disabling via X/CSRF

Written by Ahmed Rabeaa Mosaa (SadC0d3r)

No responses yet