
Bypassing 2FA with conventional session management - open.rocket.chat vulnerability

Posted: Mon Oct 28, 2024 6:44 am
by Shane1145
Researchers have found a vulnerability in open.rocket.chat and I was able to bypass 2FA by email confirmation link.
In this case, attackers use the email confirmation link because, often, 2FA is not implemented on the system's login page after an email confirmation.


https://hackerone.com/reports/1701378
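
A minimal model of the session-handling flaw the post describes, next to a hardened variant. This is an added illustration, not Rocket.Chat's code and not taken from the HackerOne report; every name in it (`User`, `Session`, `confirm_email_*`, `can_access_account`) is hypothetical.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str
    totp_enabled: bool
    email_verified: bool = False


@dataclass
class Session:
    user: str
    authenticated: bool  # a first factor (password or emailed link) was accepted
    mfa_passed: bool     # the second factor was completed for this session


def confirm_email_vulnerable(user: User) -> Session:
    """Flawed pattern: the confirmation link is treated as a complete login."""
    user.email_verified = True
    return Session(user.name, authenticated=True, mfa_passed=True)


def confirm_email_hardened(user: User) -> Session:
    """The link only verifies the address; 2FA is still pending if enrolled."""
    user.email_verified = True
    return Session(user.name, authenticated=True,
                   mfa_passed=not user.totp_enabled)


def complete_2fa(session: Session, code_ok: bool) -> Session:
    """Upgrade the session only after a valid second-factor code."""
    if code_ok:
        session.mfa_passed = True
    return session


def can_access_account(user: User, session: Session) -> bool:
    """Central gate: every protected route checks the 2FA state itself,
    regardless of which entry point created the session."""
    if not session.authenticated or session.user != user.name:
        return False
    return session.mfa_passed or not user.totp_enabled
```

The defensive point is that the 2FA requirement belongs to the session state checked on every protected request, so no alternate sign-in path (confirmation link, password reset, magic link) can produce a fully trusted session on its own.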