1. Web Security Academy
  2. Authentication vulnerabilities
  3. Multi-factor
  4. Lab

Lab: 2FA broken logic


This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's "My account" page.

  • Your credentials: wiener:peter
  • Victim's username: carlos

You also have access to the email server to receive your 2FA verification code.