Ask HN: Is being able to bypass 2FA on PayPal a security vulenrability?
Our account had some unusual login attempts on it, which triggered us needing 2FA to login each time.
I found a pretty easy way to bypass this, and reported the issue to Paypal on HackerOne.
I was told that "the reported behavior is intended" and they are closing the issue as informative.
A week on and the issue appears to be fixed.
Granted the way I found to bypass it was rather trivial, and I'm no expert. Am I right in thinking this is a legitimate security issue?
1 comment
[ 2.8 ms ] story [ 15.7 ms ] thread