OTP bypass via response manipulation
Hello Hacker, I'm glad you're back for another post. This time I'm writing up my most recent finding on a private bug bounty programme: an OTP bypass via response manipulation.
What is OTP bypass via response manipulation?
OTP (One-Time Password) bypass via response manipulation is a technique in which an attacker intercepts and edits the server's response during the OTP verification step, so that the authentication flow continues as if a valid OTP had been entered, without the attacker ever knowing the real code.
Why it occurs
An OTP bypass via response manipulation can occur for several reasons, including inadequate response validation, a lack of integrity checking, and insecure communication channels. In each case the underlying problem is the same: the client-side flow trusts fields in the response (such as a status flag or user-id) to decide whether verification succeeded, instead of the server enforcing that decision itself.
Now let's look for the vulnerability
While browsing the application I found that it requests an OTP to confirm the user's identity. I first entered the genuine OTP and examined the response, and noticed that the application decides what to do next based on the status code and user-id returned after an OTP is submitted. All we need to do is swap the failure response for a fake one that carries the success status and the real user-id.
Time for the practical part
Create an account on the application.
Request an OTP for a mobile number.
Enter a random OTP and send the request.
Capture the request in Burp Suite, noting the userId.
Observe the response for the wrong OTP.
Manipulate the response: set the userId, status, and authId to the values a successful verification would return.
The account is created successfully without using the real OTP.
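The fix belongs on the server, not in the response the client reads. The following is an added example of mine, not code from the programme in this write-up: the server keeps the OTP state itself, verifies the code with a rate limit and expiry, and only then mints an HMAC-signed proof that the account-creation step requires. A forged "success" response gives the attacker nothing, because the server never asks the client whether verification passed. All names, the secret and the in-memory stores are constructed for this example.

```python
import hmac, hashlib, secrets, time

# Constructed for this example: server-side secret and in-memory state.
SERVER_SECRET = secrets.token_bytes(32)
_pending = {}   # phone -> {"otp_hash": str, "expires": float, "attempts": int}
_accounts = {}  # phone -> user id
OTP_TTL = 300       # seconds an OTP stays valid
MAX_ATTEMPTS = 5    # guesses allowed per OTP before it is burned

def _otp_hash(phone, otp):
    # Store only a keyed hash of the OTP so a leaked table is useless.
    return hmac.new(SERVER_SECRET, f"{phone}:{otp}".encode(), hashlib.sha256).hexdigest()

def request_otp(phone):
    """Generate an OTP server-side; it goes to the phone, never to the browser."""
    otp = f"{secrets.randbelow(10**6):06d}"
    _pending[phone] = {"otp_hash": _otp_hash(phone, otp),
                       "expires": time.time() + OTP_TTL, "attempts": 0}
    return otp  # in production this is handed to the SMS gateway only

def verify_otp(phone, otp):
    """Return a server-signed proof on success, else None. The client never decides."""
    rec = _pending.get(phone)
    if rec is None or time.time() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        return None
    rec["attempts"] += 1
    if not hmac.compare_digest(rec["otp_hash"], _otp_hash(phone, otp)):
        return None
    del _pending[phone]  # one-time: a used code cannot be replayed
    msg = f"{phone}|{int(time.time()) + 60}"
    sig = hmac.new(SERVER_SECRET, msg.encode(), hashlib.sha256).hexdigest()
    return f"{msg}|{sig}"

def create_account(phone, proof):
    """Accept only a proof minted by verify_otp; any forged status/userId is rejected."""
    try:
        p_phone, exp, sig = proof.split("|")
        exp = int(exp)
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(SERVER_SECRET, f"{p_phone}|{exp}".encode(), hashlib.sha256).hexdigest()
    if p_phone != phone or exp < time.time() or not hmac.compare_digest(sig, expected):
        return None
    _accounts[phone] = f"user-{len(_accounts) + 1}"
    return _accounts[phone]
```

With this layout, editing the HTTP response in Burp only changes what the attacker's own browser displays; the account-creation endpoint still refuses anything that is not a proof the server signed.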
Thanks for reading!!
Keep Hacking!!