Skip to main content
  1. Security/

Breaking the Doors: Paypal 2-Factor Bypass

·1 min· loading · loading ·
Paypal bugbounty Two Factor Authentication Bypass Paypal 2FA Bypass
Christian Angel
Christian Angel
Two-Factor Authentication bypass on Paypal

Hi! It’s been a while since my last write up. I hope you’ll like this one. Take care and be safe!

Two-factor authentication is an extra layer of security for your Paypal Account designed to ensure that you’re the only person who can access your account, even if someone knows your password.

On March 10, 2020 I reported a security vulnerability on Paypal via Hackerone about Two-Factor Authentication Bypass.

3 Days after submitting the report, The H1 Staff was able to successfully reproduced my Report moving it to Triage.

After 4 Months, Paypal rewarded me a $5,300 (250,000 PHP) bounty for the vulnerability.


PayPal takes the security of their customers’ data, money and account information extremely seriously. They worked quickly to resolve the reported issue.

Proof of Concept: