Summary by Indeed
OTP bypass through response modification for new users was identified at https://indeedchat.indeed.com/login.
OTP bypass through response modification for new users
Disclosed by svla01- Engagement Indeed
- Disclosed date over 1 year ago
- Reward $250
- Priority P3 Bugcrowd's VRT priority rating
- Status Resolved This vulnerability has been accepted and fixed
Summary by svla01
A flaw has been discovered allowing a user to bypass double authentication by modifying the response of a request.
Bypass :
- Type a random OTP
- Intercep the response of request "verifyOtp" with burp
- Modify the payload
Access granted