No 2FA Confirmation on 2FA Disable

Disclosed by Codermak
  • Program: Atlassian
  • Disclosed date: about 4 years ago
  • Priority: P5 (Bugcrowd's VRT priority rating)
  • Status: Informational (this vulnerability is seen as an accepted business risk)

Summary by Atlassian

A Bitbucket Cloud user can disable their 2FA without having to confirm the operation with a fresh 2FA code.

Summary by Codermak

Can we disclose this report publicly?
