January 26, 2021

Is being able to bypass 2FA on PayPal a security vulenrability?

Our business Paypal account had some unusual login attempts on it, which triggered us needing 2FA to login each time.

I found a pretty easy way to bypass this, and reported the issue to Paypal on HackerOne with a video and description on how to circumvent it.

I was told that “the reported behavior is intended” and they are closing the issue as informative.

A week on and the issue appears to be fixed.

Granted the way I found to bypass it was rather trivial, and I’m no expert. Am I right in thinking this is a legitimate security issue, and they are wrong to state it’s intended behaviour?



Sounds likely to me. Being able to bypass 2FA is not a feature I’d desire.


How did you bypass 2FA?

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.