One more 2FA Misconfig
1) Create account and enable 2FA.
2) Now there is an option in 2FA to remember the device; enable it.
3) Enter into the account and disable the 2FA and enable new 2FA.
4) Now you can log in without being asked for a new 2FA code.
Bounty - €€€ 🤑 #bugbountytips
@sivanes90967948 @MrrFawadkhann To summarize, disabling the 2FA should destroy the list of devices that have been remembered previously?
@sivanes90967948 It's a device-based detection mechanism tho
@sivanes90967948 Is it a bug? Because we allowed the permission to the device not to ask 2FA so that it didn't ask 2FA
@sivanes90967948 Lol... is this a vulnerability? How can an attacker bypass an account that has 2FA enabled?
@sivanesh_hacker @ShauryaSharma05 Pretty sure nobody paid you for this bug
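
The sequence from the opening tweet, replayed against a small model of a remember-device store, as an added example that is not part of the thread or any vendor's code. The `Account` class, its method names and the two switches are assumptions made for illustration; they show the two server-side checks the first reply points at: clearing remembered devices when 2FA is disabled, and binding each device token to the 2FA enrollment it was issued under.

```python
import hashlib
import secrets

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class Account:
    """Hypothetical account model; every name here is an assumption."""
    def __init__(self):
        self.totp_secret = None
        self.enrollment_id = None  # new value on every 2FA enrollment
        self.trusted = {}          # sha256(device token) -> enrollment_id at issue time

    def enable_2fa(self):
        self.totp_secret = secrets.token_bytes(20)
        self.enrollment_id = secrets.token_hex(8)

    def disable_2fa(self, revoke_devices=True):
        self.totp_secret = None
        self.enrollment_id = None
        if revoke_devices:  # False reproduces the behaviour reported in the thread
            self.trusted.clear()

    def remember_device(self):
        token = secrets.token_urlsafe(32)  # value stored in the device cookie
        self.trusted[_digest(token)] = self.enrollment_id
        return token

    def needs_2fa_code(self, device_token, bind_to_enrollment=True):
        if self.totp_secret is None:
            return False  # 2FA is off, nothing to ask for
        issued_under = self.trusted.get(_digest(device_token or ""))
        if issued_under is None:
            return True   # unknown or revoked device
        if bind_to_enrollment and issued_under != self.enrollment_id:
            return True   # token predates the current enrollment
        return False

def code_required_after_reenroll(revoke_devices, bind_to_enrollment):
    """Replay steps 1-4 of the report; True means the login prompts for a code."""
    acct = Account()
    acct.enable_2fa()                    # 1) enable 2FA
    cookie = acct.remember_device()      # 2) remember this device
    acct.disable_2fa(revoke_devices)     # 3) disable 2FA ...
    acct.enable_2fa()                    #    ... and enroll a new one
    return acct.needs_2fa_code(cookie, bind_to_enrollment)  # 4) log in again
```

With both switches off the old device cookie still skips the code after re-enrollment; either check on its own makes step 4 prompt again.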