Breaking the Doors: Paypal 2-Factor Bypass

Hi! It’s been a while since my last write up. I hope you’ll like this one. Take care and be safe!

Two-factor authentication is an extra layer of security for your Paypal Account designed to ensure that you’re the only person who can access your account, even if someone knows your password.

On March 10, 2020 I reported a security vulnerability on Paypal via Hackerone about Two-Factor Authentication Bypass.

3 Days after submitting the report, The H1 Staff was able to successfully reproduced my Report moving it to Triage.

After 4 Months, Paypal rewarded me a $5,300 (250,000 PHP) bounty for the vulnerability.

Note:

PayPal takes the security of their customers’ data, money and account information extremely seriously. They worked quickly to resolve the reported issue.

Proof of Concept: