Two Factor Authentication Bypass | SendGrid
Hello All,
Today I will be sharing how I was able to Bypass SendGrid 2FA
What is SendGrid :
A Cloud-based email service to deliver emails on behalf of companies
having 55,000+ customers ~ https://sendgrid.com/about/
What is Two Factor Authentication :
Two-Factor Authentication (2FA) is a type of multi-factor authentication confirming a user’s claimed identity by utilizing a combination of two different authentication methods. 2FA makes it harder for potential intruders to gain access and steal user’s personal data or identity. ~ https://en.wikipedia.org/wiki/Multi-factor_authentication
My Story with them :
I started looking for bugs in SendGrid and after trying the whole night I found an XSS
Reported it and went to sleep peacefully
Next morning I checked my email
The bug went duplicate :( It felt bad
I didn't want to test further so I went to delete my account ( I don't want emails from them :__: )
I logged in to my account to see if there is a delete option
When visiting the settings page it showed a message asking me to set up 2FA
After seeing this new feature I thought let's check it
This is how the Login Process is :
- User enters username and password
- If the username and password are right
- A 7-digit number is sent to the associated phone number
- User enters the number and it gets verified
- If it is right then the user is redirected to his account
I first tried to use an old OTP to bypass it :| it didn't work
Then I sent it to Intruder to brute-force the OTP
It was allowing 10 requests, I wanted to report this :|
( I don't think 10 requests is much, I should have checked for more)
But while making the PoC video
I wanted to show that on entering a wrong OTP it shows an error
What should I enter ?
So I entered 1234567 as OTP, guess what, it got bypassed
I couldn't believe myself ^_^
Reason : They forgot to remove the master code
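The login flow above and the three things the author tried (an old OTP, brute force, a leftover master code), as an added Python example that is not SendGrid's code: a verifier written the broken way beside one written the way a second-factor check should be. The 5-attempt lockout, the 5-minute expiry, the MASTER_CODE constant and the "0246813" sample code are assumptions and constructed values; only the 7-digit length and the 1234567 value come from the write-up.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

OTP_DIGITS = 7           # the write-up describes a 7-digit code sent by SMS
OTP_TTL_SECONDS = 300    # assumed expiry window; the page does not state one
MAX_ATTEMPTS = 5         # assumed lockout threshold; the author saw 10 tries allowed

# Hypothetical leftover "master code" of the kind the write-up describes.
# The value is the one the author typed; its presence in production code is the bug.
MASTER_CODE = "1234567"


@dataclass
class Challenge:
    """One pending second-factor check for a user who passed the password step."""
    user: str
    code: str          # the code that was sent to the user's phone
    issued_at: float   # epoch seconds
    attempts: int = 0
    used: bool = False


def issue_challenge(user: str, now: Optional[float] = None) -> Challenge:
    """Step 3 of the flow: generate a random 7-digit code (sending it is out of scope)."""
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    return Challenge(user=user, code=code, issued_at=time.time() if now is None else now)


def verify_vulnerable(challenge: Challenge, submitted: str) -> bool:
    """The broken shape: a master code short-circuits the check, and there is no
    attempt counter, no expiry and no single-use flag, so old codes replay and
    guessing is bounded only by whatever the web layer rate-limits."""
    if submitted == MASTER_CODE:   # backdoor left in by mistake
        return True
    return submitted == challenge.code


def verify_hardened(challenge: Challenge, submitted: str, now: Optional[float] = None) -> bool:
    """Step 4 done properly: no master code, bounded attempts, expiry, single use,
    constant-time comparison. Every comparison counts as an attempt."""
    now = time.time() if now is None else now
    if challenge.used or now - challenge.issued_at > OTP_TTL_SECONDS:
        return False
    if challenge.attempts >= MAX_ATTEMPTS:
        return False                       # locked; caller must issue a new challenge
    challenge.attempts += 1
    if len(submitted) != OTP_DIGITS or not submitted.isdigit():
        return False
    if hmac.compare_digest(submitted.encode(), challenge.code.encode()):
        challenge.used = True              # an accepted code can never be replayed
        return True
    return False


def demo() -> dict:
    """Replays the write-up's experiments against both verifiers."""
    real = "0246813"                       # constructed code, standing in for the SMS
    vuln = Challenge("alice", real, issued_at=1000.0)
    hard = Challenge("alice", real, issued_at=1000.0)
    out = {
        # the author's 1234567 is accepted by the vulnerable verifier only
        "master_code_vuln": verify_vulnerable(vuln, MASTER_CODE),
        "master_code_hard": verify_hardened(hard, MASTER_CODE, now=1001.0),
    }
    # brute force: MAX_ATTEMPTS wrong guesses lock the hardened challenge
    for guess in range(MAX_ATTEMPTS):
        verify_hardened(hard, f"{guess:0{OTP_DIGITS}d}", now=1002.0)
    out["locked_after_guesses"] = not verify_hardened(hard, real, now=1003.0)
    # old (already used) OTP: accepted again by the vulnerable verifier, not the hardened one
    fresh = Challenge("alice", real, issued_at=1000.0)
    out["first_hard"] = verify_hardened(fresh, real, now=1004.0)
    out["replay_hard"] = verify_hardened(fresh, real, now=1005.0)
    out["replay_vuln"] = verify_vulnerable(vuln, real) and verify_vulnerable(vuln, real)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The hardened verifier keeps its attempt counter on the server-side challenge object, not in anything the client sends back, so a lockout cannot be reset by replaying the first request; and the counter is incremented before the comparison, so a malformed submission still burns an attempt.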
POC video :
My Reaction :
Note : This Bug has been Fixed by SendGrid Team on 1st September 2016,
Thanks
Comments :
- kul Nigga <3 :V
- Thanks :D
- sir what about payment
- Great, two-factor authentication or 2FA adds a second level of authentication to an account log-in.
- Today we will discuss one interesting topic, OTP (One time password) bypass! How hackers are able to bypass OTP on web or mobile based applications.