Ask HN: Is being able to bypass 2FA on PayPal a security vulenrability?

1 points by TomGullen ↗ HN
Our account had some unusual login attempts on it, which triggered us needing 2FA to login each time.

I found a pretty easy way to bypass this, and reported the issue to Paypal on HackerOne.

I was told that "the reported behavior is intended" and they are closing the issue as informative.

A week on and the issue appears to be fixed.

Granted the way I found to bypass it was rather trivial, and I'm no expert. Am I right in thinking this is a legitimate security issue?

1 comment

[ 2.8 ms ] story [ 15.7 ms ] thread