Showing posts from April, 2016

Easiest Authentication Bypass Ever !!!

September 4th 2015,

I was given a revaluation pen-test for a bank's Android/IOS application.
It took me hardly an hour for replicating the test for previous vulnerabilities. When I was done with my work I still got time for sending my report to client. So I started looking to my burp suite history and suddenly I noticed a HTTP Response which was carrying a verification code parameter...

I was shocked as the code was same as OTP that I requested earlier that hour for login to my account. As million question coming to my mind such as how ?, why ? ...etc One thing was clear that the application authentication via OTP was going on at client side.

I had a thought, If the OTP & Verification Codes are present in HTTP Response I can easily Bypass the authentication plus I can change the password for any account I like all I want was victim's User Name or email or mobile number.

So, here goes the POC for How client side OTP Checked is dangerous for users ?

1. I started login with vict…