Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Web Security Academy
  2. Authentication vulnerabilities
  3. Multi-factor
  4. Lab

Lab: 2FA simple bypass

APPRENTICE

This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, access Carlos's account page.

  • Your credentials: wiener:peter
  • Victim's credentials carlos:montoya
Access the lab

In this topic

Authentication vulnerabilities Password-based login Multi-factor authentication Other authentication mechanisms How to secure your authentication mechanisms

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication vulnerabilities OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure File upload vulnerabilities JWT attacks Essential skills Prototype pollution
Try Burp Suite for Free

Find vulnerabilities in your authentication using Burp Suite

Try for free

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here