A security researcher from Nepal has published a write-up on how he was able to bypass two-factor authentication on Facebook. The vulnerability he exploited was that the two-factor code is 6 digits long and there was no limit or rate limiting on the number of times a code could be submitted. The researcher used a brute-force attack to try every possible value of the 6-digit 2FA code using a pen testing tool called Burp Suite. Facebook has since fixed the vulnerability.
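The missing control described above, sketched as an added example (not Facebook's code and not taken from the researcher's write-up): a verifier that burns a 6-digit code after a fixed number of wrong guesses, so exhaustive guessing stops after a handful of tries. The names `OtpChallenge` and `MAX_ATTEMPTS`, and the limit of 5, are assumptions made for illustration.

```python
import hmac
import secrets

CODE_DIGITS = 6      # code length stated in the summary above
MAX_ATTEMPTS = 5     # assumed policy value, not from the page


class OtpChallenge:
    """One issued 2FA code, invalidated after MAX_ATTEMPTS wrong guesses."""

    def __init__(self, code=None):
        # CSPRNG-backed code; `code` can be injected for testing.
        if code is None:
            code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._code = code
        self.failed = 0
        self.active = True

    def verify(self, guess: str) -> bool:
        if not self.active:
            return False          # burned or already used: reject even the right code
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if hmac.compare_digest(self._code.encode(), str(guess).encode()):
            self.active = False   # single use
            return True
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.active = False   # a fresh code must be issued from here on
        return False


def guesses_evaluated_before_lockout(challenge: OtpChallenge) -> int:
    """Submit 000000, 000001, ... and count guesses the verifier still evaluates."""
    evaluated = 0
    for n in range(10 ** CODE_DIGITS):
        if not challenge.active:
            break
        evaluated += 1
        if challenge.verify(f"{n:0{CODE_DIGITS}d}"):
            break
    return evaluated


def guess_success_probability(attempts: int = MAX_ATTEMPTS) -> float:
    """Chance that `attempts` distinct guesses hit one uniformly random code."""
    return attempts / 10 ** CODE_DIGITS
```

The counter has to live server-side and be keyed to the account or challenge rather than to the client's session or IP address, otherwise it can be reset by starting a new session.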

This segment was created for the It’s 5:05 podcast