January 26, 2021

Is being able to bypass 2FA on PayPal a security vulenrability?

  2. Computers and Internet
  3. Is being able to bypass 2FA on PayPal a security vulenrability?

Our business Paypal account had some unusual login attempts on it, which triggered us needing 2FA to login each time.

I found a pretty easy way to bypass this, and reported the issue to Paypal on HackerOne with a video and description on how to circumvent it.

I was told that “the reported behavior is intended” and they are closing the issue as informative.

A week on and the issue appears to be fixed.

Granted the way I found to bypass it was rather trivial, and I’m no expert. Am I right in thinking this is a legitimate security issue, and they are wrong to state it’s intended behaviour?

Computers and Internet

Comments

Saguarosaurus
January 26, 2021 at 5:40 pm - Reply

Sounds likely to me. Being able to bypass 2FA is not a feature I’d desire.

johnFvr
January 26, 2021 at 5:40 pm - Reply

How did you bypass 2FA?

Subscribe

Leave a Reply

Your email address will not be published. Required fields are marked *

Or, you can subscribe without commenting.
Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.