2FA bypass by sending blank code

Program: glassdoor Bug Type: MFA Bounty: Unspecified Date: 2020-06-13

2FA MFA-bypass

Summary

The 2FA mechanism on Glassdoor can be bypassed by submitting a blank code during login. Due to improper input validation, the system accepts an empty value and grants access, effectively nullifying the second factor of authentication. This constitutes an improper authentication vulnerability. This summary was generated by AI This summary was generated by AI

References

https://hackerone.com/reports/897385

← Back to Reports