Hello Readers!
Morning of Sunday 18th of April after playing video game I decided to make a quick hunt on one of the bug bounty program that I found on Google. So I fired up some of my favorite recon tools to gather information from the website and while the tools are doing their things I registered my email on the website to test on the login and reset password page. After few checks on the login page I decided to enable the 2FA verification on my account to check if there is an issue on the 2FA feature and fortunately found an interesting one.
So long story short I found a 2FA verification bypass on Shapeshift which allow me access an account with 2FA enabled without giving the correct 2FA code during the login procedure. The vulnerability is easy to reproduce, A simple tampering of one of the value of the parameters in the 2FA verification request able me to bypass the feature due to lack of authentication of the app.
So below is the proof of concept of the issue.
--Proof of Concept--
Dear Evan,Thank you for reaching out to the ShapeShift security team! Unfortunately, we haven’t yet been able to confirm this issue. Would you be willing to double check that 2FA Verification Bypass Vulnerability truly exists?Thank you again. It’s people like you who make the Internet a safer place!ShapeShift Security Team
Dear Evan,Thank you sending more videos. We checked this issue and the security team already been made aware of this issue by another researcher. For your reference, here is the tracking number for this issue: VULN-<XXXX>.We are currently working with that researcher to resolve the issue.Thanks for taking the time to report a vulnerability to ShapeShift. It’s because of researchers like you that the web is a little bit safer.Have a wonderful day!ShapeShift Security Team
I hope you enjoy this write up.
Stay safe everyone!
They are all full of stamina and excellent lovemaking sense.Escorts Rate in Gujarat They know all sorts of processes and posing you love most.Escorts whatsapp number in Gujarat From the oral to anal, from hand to clitoral- all sorts of lovemaking sense is present in them.Agra Russian Call Girls They are well trained by the best trainer in Housewife Escorts in IndoreHaridwar. If you pass a few minutes with them,Housewife Escorts in Haridwar you will feel an unmatched joy and joviality that will make you further Housewife Escorts in Goa go happy and full of vitality.
ReplyDeleteSomeone Sometimes with visits your blog regularly and recommended it in my experience to read as well. The way of writing is excellent and also the content is top-notch. Thanks for that insight you provide the readers! 먹튀검증
ReplyDeleteThanks for picking out the time to discuss this, I feel great about it and love studying more on this topic. It is extremely helpful for me. Thanks for such a valuable help again. 먹튀검증사이트
ReplyDeleteeven somebody to spend a night with you and let you grasp the pleasures that often lie just a little out of our reach. Esc0rts service in jaipur
ReplyDeleteAwesome and entertaining article. I like to write a little comment to support you. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. I wanted to see hope in future you will continue to sharing such an excellent post. Feel free to visit my website; 야설
ReplyDelete일본야동
국산야동
일본야동
국산야동
It was a very good post indeed. I thoroughly enjoyed reading it in my lunch-time. I Will surely come and visit this blog more often. Feel free to visit my website;
ReplyDelete야설
일본야동
국산야동
일본야동
국산야동
I really loved reading your blog. It was very well authored and easy to understand. Unlike other blogs I have read which are really not that good. Thanks a lot! Feel free to visit my website; 야설
ReplyDelete일본야동
국산야동
일본야동
국산야동
I like this website its a master peace ! Glad I found this on google . I must say, as a lot as I enjoyed reading what you had to say, I couldn't help but lose interest after a while. Feel free to visit my website; 야설
ReplyDelete일본야동
국산야동
일본야동
국산야동
I must thank you for the efforts you’ve put in writing this blog. I am hoping to view the same high-grade blog posts from you later on as well. In fact, your creative writing abilities has inspired me to get my very own blog now ?? Thank you for the auspicious writeup Feel free to visit my website; 야설
ReplyDelete일본야동
국산야동
일본야동
국산야동