How To Bypass Two Step Verification Code
 |
| How To Bypass Two Step Verification Code |
How To Bypass Two Step Verification Code?
Now 2 step authentication are not safe, you guys will shock but its true. The attacker types ../sms in the SMS token field.
Now 2 step authentication are not safe, you guys will shock but its true. The attacker types ../sms in the SMS token field.Now 2 step authentication are not safe, you guys will shock but its true. The attacker types ../sms in the SMS token field.
Sakurity researchers found the way to bypass the Authy 2 factor Authentication.
Here the details:
>> The client app encodes it as ..%2fsms and makes an API call to Authy - https://api.authy.com/protected/json/verify/..%2fsms/authy_id
>> Path_traversal middleware decodes path to https://api.authy.com/protected/json/verify/../sms/authy_id,
splits by slashes and removes the directory in front of /...
>> Actual Authy API sees modified path https://api.authy.com/protected/json/sms/authy_id,
simply sends another SMS to authy_id (the victim) and responds with 200 status and {"success":true,"message":"SMS token was sent","cellphone":"+1-XXX-XXX-XX85"}
>> All Authy SDK libraries consider 200 status as a successful response and let the attacker in. Even a custom integration most likely will look for "success":true in the JSON body, and our /sms response body has it. So the only secure way to verify the response is to search for "token":"is valid" substring (which is what Authy libraries do now).
Yes, the attacker was able to bypass 2 factor authentication on any website using Authy with something as simple as "../sms" in the token field
- See more at: http://blog.hackersonlineclub.com/2015/03/how-to-bypass-two-step-verification-code.html#sthash.IFH8sVT1.dpufHere the details:
>> The client app encodes it as ..%2fsms and makes an API call to Authy - https://api.authy.com/protected/json/verify/..%2fsms/authy_id
>> Path_traversal middleware decodes path to https://api.authy.com/protected/json/verify/../sms/authy_id,
splits by slashes and removes the directory in front of /...
>> Actual Authy API sees modified path https://api.authy.com/protected/json/sms/authy_id,
simply sends another SMS to authy_id (the victim) and responds with 200 status and {"success":true,"message":"SMS token was sent","cellphone":"+1-XXX-XXX-XX85"}
>> All Authy SDK libraries consider 200 status as a successful response and let the attacker in. Even a custom integration most likely will look for "success":true in the JSON body, and our /sms response body has it. So the only secure way to verify the response is to search for "token":"is valid" substring (which is what Authy libraries do now).
Yes, the attacker was able to bypass 2 factor authentication on any website using Authy with something as simple as "../sms" in the token field
Sakurity researchers found the way to bypass the Authy 2 factor Authentication.
Here the details:
>> The client app encodes it as ..%2fsms and makes an API call to Authy - https://api.authy.com/protected/json/verify/..%2fsms/authy_id
>> Path_traversal middleware decodes path to https://api.authy.com/protected/json/verify/../sms/authy_id,
splits by slashes and removes the directory in front of /...
>> Actual Authy API sees modified path https://api.authy.com/protected/json/sms/authy_id,
simply sends another SMS to authy_id (the victim) and responds with 200 status and {"success":true,"message":"SMS token was
sent","cellphone":"+1-XXX-XXX-XX85"}
>> All Authy SDK libraries consider 200 status as a successful response and let the attacker in. Even a custom integration most likely will
look for "success":true in the JSON body, and our /sms response body has it. So the only secure way to verify the response is to search for "token":"is valid" substring (which is what Authy libraries do now).
Yes, the attacker was able to bypass 2 factor authentication on any website using Authy with something as simple as "../sms" in the
token field!
How To Bypass Two Step Verification Code
Reviewed by Unknown
on
3/19/2015
Rating:
Reviewed by Unknown
on
3/19/2015
Rating:
No comments:
Post Your Comment Here Please