1. Web Security Academy
  2. Authentication
  3. Multi-factor
  4. Lab

Lab: 2FA simple bypass


This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, access Carlos's "My account" page.

  • Your credentials: wiener:peter
  • Victim's credentials carlos:montoya