Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Duo Two-factor Authentication Bypass

Shaun Kammerling - SensePost. Posted 4 years ago.
  • A single password is a single point of failure, which is why password-only logins are on the way out. With 2FA an attacker has to defeat TWO independent factors. Duo provides that second factor to a large number of organizations, so a bypass of it is high-impact.
  • With Duo 2FA, the application requests a code on the user's behalf. The vulnerability sits in that request to the server: by substituting the contents of the attacker's own request for the user's, the code was delivered straight to the attacker instead of the legitimate user.
  • This first bypass let the attacker change where the second-factor data was sent. It did, however, require the attacker to already have access to the Duo portal.
  • A second variant came into play AFTER the code was requested. Once a code had been requested, the client repeatedly polled a transaction ID to see whether the verification had gone through. By submitting the transaction ID from the other device, the backend could be tricked into accepting the attacker's verification code.
  • These bugs were simple, and just about anybody could have found them. It is remarkable that they stayed in the Duo ecosystem for so long without anyone noticing. According to the article's authors, Duo fixed the vulnerabilities swiftly and was pleasant to work with.
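The two variants summarized above share a root cause: the second-factor backend trusted values under the client's control (the delivery destination in the first case, the transaction ID in the second) instead of binding them server-side to the login being verified. The toy model below is an added example written for this page, not code from the SensePost article and not Duo's implementation; the `SecondFactorServer` class, the `victim`/`attacker` accounts and their enrolled devices are all constructed for illustration. The same server runs in a vulnerable mode that reproduces both flaws and a hardened mode that ignores the client-supplied destination and checks that an approved transaction belongs to the login completing it.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed enrollment records: which device each user's second factor goes to.
ENROLLED_DEVICE = {"victim": "victim-phone", "attacker": "attacker-phone"}


@dataclass
class Transaction:
    user: str            # the login this transaction is meant to verify
    device: str          # the device the code/push was actually sent to
    approved: bool = False


class SecondFactorServer:
    """Toy second-factor backend (hypothetical, not Duo's). hardened=False
    reproduces the two flaws; hardened=True shows the checks that close them."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.txns: Dict[str, Transaction] = {}
        self.deliveries: List[Tuple[str, str]] = []  # (device, txid) pushes sent

    def request_code(self, user: str, client_device: Optional[str] = None) -> str:
        # Flaw 1: the vulnerable server honours a destination supplied in the
        # request. The hardened server ignores the client value and always uses
        # the server-side enrollment record for that user.
        if self.hardened or client_device is None:
            device = ENROLLED_DEVICE[user]
        else:
            device = client_device
        txid = secrets.token_hex(8)
        self.txns[txid] = Transaction(user=user, device=device)
        self.deliveries.append((device, txid))
        return txid

    def approve_on_device(self, device: str, txid: str) -> None:
        # Simulates the phone approving the push. Only the device that actually
        # received the push for this txid can approve it.
        txn = self.txns[txid]
        if txn.device == device:
            txn.approved = True

    def complete_login(self, user: str, txid: str) -> bool:
        # Flaw 2: the vulnerable server only asks "is this txid approved?". The
        # hardened server also checks that the txid was issued for *this* login.
        txn = self.txns.get(txid)
        if txn is None or not txn.approved:
            return False
        if self.hardened and txn.user != user:
            return False
        return True


def redirect_destination_attack(server: SecondFactorServer) -> bool:
    """Variant 1: attacker redirects the victim's code to their own device.
    Returns True if the attacker ends up logged in as the victim."""
    txid = server.request_code("victim", client_device="attacker-phone")
    server.approve_on_device("attacker-phone", txid)
    return server.complete_login("victim", txid)


def swap_transaction_attack(server: SecondFactorServer) -> bool:
    """Variant 2: attacker approves a transaction for their own account, then
    submits that transaction ID while completing the victim's login."""
    server.request_code("victim")            # victim's real push; never approved
    own_txid = server.request_code("attacker")
    server.approve_on_device("attacker-phone", own_txid)
    return server.complete_login("victim", own_txid)


if __name__ == "__main__":
    for hardened in (False, True):
        label = "hardened" if hardened else "vulnerable"
        print(label,
              "redirect:", redirect_destination_attack(SecondFactorServer(hardened)),
              "swap:", swap_transaction_attack(SecondFactorServer(hardened)))
```

The practitioner's takeaway is in `complete_login`: an "approved" flag on a transaction is meaningless unless the transaction is also tied to the session and user that started it, and the delivery target must come from server-side enrollment, never from the request.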