Featured image of post Breaking the Doors: Paypal 2-Factor Bypass

Breaking the Doors: Paypal 2-Factor Bypass

Two-Factor Authentication bypass on Paypal

Hi! It’s been a while since my last write up. I hope you’ll like this one. Take care and be safe!

Two-factor authentication is an extra layer of security for your Paypal Account designed to ensure that you’re the only person who can access your account, even if someone knows your password.

On March 10, 2020 I reported a security vulnerability on Paypal via Hackerone about Two-Factor Authentication Bypass.

3 Days after submitting the report, The H1 Staff was able to successfully reproduced my Report moving it to Triage.

After 4 Months, Paypal rewarded me a $5,300 (250,000 PHP) bounty for the vulnerability.


PayPal takes the security of their customers’ data, money and account information extremely seriously. They worked quickly to resolve the reported issue.

Proof of Concept

ctulhu.me | Christian Niel Angel
Built with Hugo
Theme Stack designed by Jimmy