Two Factor Authentication Bypass | SendGrid

Hello All,

Today I will be sharing how I was able to bypass SendGrid's 2FA.


What is SendGrid:

A cloud-based email service that delivers email on behalf of companies,
with 55,000+ customers ~ https://sendgrid.com/about/


What is Two-Factor Authentication:


Two-Factor Authentication (2FA) is a type of multi-factor authentication confirming a user’s claimed identity by utilizing a combination of two different authentication methods. 2FA makes it harder for potential intruders to gain access and steal user’s personal data or identity. ~ https://en.wikipedia.org/wiki/Multi-factor_authentication


My Story with them:



I started looking for bugs in SendGrid, and after trying the whole night I found an XSS.
Reported it and went to sleep peacefully.

Next morning I checked my email

The bug went duplicate :( It felt bad.


I didn't want to test further, so I went to delete my account (I don't want emails from them :__: )

I logged in to my account to see if there is a delete option.
When visiting the settings page, it showed a message asking me to set up 2FA.

After seeing this new feature I thought, let's check it.

This is how the login process works:

  1. User enters username and password
  2. If the username and password are right,
  3. a 7-digit number is sent to the associated phone number
  4. User enters the number and it gets verified
  5. If it is right, the user is redirected to his account

I first tried to use an old OTP to bypass it :| it didn't work.

Then I sent it to Intruder to brute-force the OTP.

It was allowing 10 requests; I wanted to report this :|
(I don't think 10 requests is much, I should have checked for more)

But while making the PoC video,

I wanted to show that on entering a wrong OTP it shows an error.

What should I enter?
So I entered 1234567 as the OTP, and guess what, it got bypassed.

I couldn't believe myself ^_^


Reason: They forgot to remove the master code, so a fixed value was accepted as the second factor for any account.
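As an added illustration (my own toy code, not SendGrid's, whose implementation is not public), here is an OTP check with the kind of leftover master code described above, next to a hardened version that also closes the old-OTP reuse and the brute-force attempts tried earlier. The master code value and the 7-digit length are taken from the post; the attempt cap and lifetime are assumed values.

```python
import hmac
import secrets

# Constructed example values (not SendGrid's real code or settings)
MASTER_CODE = "1234567"   # leftover test/master code that shipped to production
OTP_DIGITS = 7            # the post describes a 7-digit code


def generate_otp() -> str:
    """Return a fresh 7-digit code drawn from a CSPRNG, zero-padded."""
    return f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"


class VulnerableVerifier:
    """Mirrors the bug in the post: every account accepts the master code."""

    def __init__(self, expected: str):
        self.expected = expected

    def verify(self, submitted: str) -> bool:
        # BUG: the second branch is a universal bypass independent of the user
        return submitted == self.expected or submitted == MASTER_CODE


class HardenedVerifier:
    """One code, one use, bounded attempts, short lifetime, no alternate path."""

    MAX_ATTEMPTS = 5       # assumed cap on guesses per issued code
    TTL_SECONDS = 300      # assumed lifetime; old codes stop working after it

    def __init__(self, expected: str, issued_at: float):
        self.expected = expected
        self.issued_at = issued_at
        self.attempts = 0
        self.consumed = False

    def verify(self, submitted: str, now: float) -> bool:
        if self.consumed:                              # replay of a used code
            return False
        if now - self.issued_at > self.TTL_SECONDS:    # stale code
            return False
        if self.attempts >= self.MAX_ATTEMPTS:         # too many guesses
            return False
        self.attempts += 1
        # constant-time compare against the single expected value only
        ok = hmac.compare_digest(submitted.encode(), self.expected.encode())
        if ok:
            self.consumed = True
        return ok
```

The hardened class still needs a per-account lockout or resend limit on top, since the cap here is per issued code.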


PoC video:


My Reaction:







Note: This bug was fixed by the SendGrid team on 1st September 2016.
Thanks

Comments

  1. Great, two-factor authentication or 2FA adds a second level of authentication to an account log-in.

  2. Today we will discuss one interesting topic: OTP (One time password) bypass! How hackers are able to bypass OTP on web or mobile based applications.
