A security researcher from Nepal has written up how he was able to bypass two-factor authentication on Facebook. The vulnerability he exploited was that the two-factor code is 6 digits long and there was no limit or rate limiting on the number of attempts at submitting the code. The researcher used a brute-force attack to try every possible value of the 6-digit 2FA code using the pen-testing tool Burp Suite. Facebook has since fixed the vulnerability.
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
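The control that was missing is a per-account attempt counter on the code check. The following is an added example written for this summary (not code from the podcast segment, the Medium write-up or Facebook) that puts a verifier with no attempt limit beside one that counts failures per account, locks the account after a constructed threshold of five, rejects malformed input, and compares codes in constant time. The code values, account names and thresholds are constructed for illustration; the clock is injectable so the lockout window can be exercised without waiting.

```python
"""Added example: a 6-digit OTP verifier with no attempt limit beside a
rate-limited one. All names, codes and thresholds are constructed."""
import hmac
import time
from dataclasses import dataclass

CODE_LENGTH = 6          # six digits: only 1,000,000 possible values
MAX_ATTEMPTS = 5         # constructed threshold; a real system picks its own
LOCKOUT_SECONDS = 300    # constructed lockout window


class UnlimitedOtpVerifier:
    """The weak pattern: every submission is compared and nothing is
    counted, so a wrong guess costs the submitter nothing."""

    def __init__(self, expected_code: str) -> None:
        self.expected_code = expected_code
        self.attempts = 0    # tracked only so the demo can show the count

    def verify(self, submitted: str) -> bool:
        self.attempts += 1
        return hmac.compare_digest(submitted.encode(), self.expected_code.encode())


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


class RateLimitedOtpVerifier:
    """Hardened pattern: per-account failure counter, temporary lockout,
    strict format check and constant-time comparison."""

    def __init__(self, expected_code: str, max_attempts: int = MAX_ATTEMPTS,
                 lockout_seconds: float = LOCKOUT_SECONDS, clock=time.monotonic):
        self.expected_code = expected_code
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable so tests can advance time
        self._state: dict[str, AccountState] = {}

    def verify(self, account: str, submitted: str) -> str:
        """Return 'ok', 'wrong', 'malformed' or 'locked'."""
        state = self._state.setdefault(account, AccountState())
        now = self.clock()
        if now < state.locked_until:
            return "locked"           # refuse without comparing while locked
        if len(submitted) != CODE_LENGTH or not submitted.isdigit():
            # Malformed input still burns an attempt, so it cannot be used
            # to probe the endpoint for free.
            result = self._record_failure(state, now)
            return result if result == "locked" else "malformed"
        if hmac.compare_digest(submitted.encode(), self.expected_code.encode()):
            state.failures = 0
            return "ok"
        return self._record_failure(state, now)

    def _record_failure(self, state: AccountState, now: float) -> str:
        state.failures += 1
        if state.failures >= self.max_attempts:
            state.failures = 0
            state.locked_until = now + self.lockout_seconds
            return "locked"
        return "wrong"


def demo() -> None:
    """Constructed walk-through: ten sequential guesses against each verifier."""
    weak = UnlimitedOtpVerifier("482913")
    hard = RateLimitedOtpVerifier("482913")
    for i in range(10):
        guess = f"{i:06d}"
        print(f"{guess}: unlimited={weak.verify(guess)!s:5} "
              f"rate-limited={hard.verify('alice', guess)}")
    print(f"unlimited verifier still accepts the real code after "
          f"{weak.attempts} failures: {weak.verify('482913')}")
    print(f"rate-limited verifier with the real code: {hard.verify('alice', '482913')}")


if __name__ == "__main__":
    demo()
```

Running `demo()` shows the unlimited verifier answering every guess and still accepting the real code afterwards, while the rate-limited verifier answers "locked" from the fifth failure on, including for the correct code, until the window expires. In a real deployment the counter would live in shared storage rather than process memory, and a lockout would normally also invalidate the pending code so a fresh one must be issued.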
This segment was created for the It’s 5:05 podcast