| 4502 | Bypass HackerOne 2FA requirement and reporter blacklist |
Logic flaw
MFA bypass
Authentication flaw |
HackerOne |
Japz Divino (@japzdivino) |
Bug Bounty | 2018-10-31 | 2023-06-13 |
| 4448 | Instagram Multi-factor authentication Bypass |
MFA bypass |
Meta / Facebook |
Vishnuraj |
Bug Bounty | 2018-11-27 | 2023-06-13 |
| 4322 | How I hacked 40,000 user accounts of Microsoft using 2FA bypass(outlook.live.com) |
MFA bypass |
Microsoft |
Vartul Goyal (@hackvartul) |
Bug Bounty | 2019-02-05 | 2023-06-13 |
| 4175 | How to bypass a 2FA with a HTTP header |
MFA bypass |
NA |
Yumi |
Bug Bounty | 2019-04-26 | 2023-06-13 |
| 3879 | How I bypassed 2 Factor Authentication |
MFA bypass |
NA |
Hemant Singh Manral |
Bug Bounty | 2019-10-15 | 2023-06-13 |
| 3846 | BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎 |
MFA bypass
Lack of rate limiting |
NA |
Akash Agrawal (@akashmagrawal) |
Bug Bounty | 2019-11-08 | 2023-06-13 |
| 3791 | Authentication Bypass |
MFA bypass |
NA |
Rushiikesh (@u1tran00b) |
Bug Bounty | 2019-12-09 | 2023-06-13 |
| 3767 | 2 FA Bypass via CSRF Attack |
MFA bypass
CSRF |
Mail.ru |
Vishal Bharad |
Bug Bounty | 2019-12-23 | 2023-06-13 |
| 3741 | Bypass 2FA in a website |
MFA bypass |
NA |
Sourav Sahana (@kernel_rider) |
Bug Bounty | 2020-01-01 | 2023-06-13 |
| 3695 | 2FA Bypass via Logical Rate Limiting Bypass |
MFA bypass
Logic flaw |
NA |
Jeppe Bonde Weikop |
Bug Bounty | 2020-01-30 | 2023-06-13 |
| 3599 | Razer mobile PIN verification bypass $1k Bug |
OTP bypass
MFA bypass |
Razer |
Sourav Sahana (@kernel_rider) |
Bug Bounty | 2020-03-17 | 2023-06-13 |
| 3598 | How I was able to verify any contact number for my account? |
OTP bypass
MFA bypass |
NA |
Paras Arora (@parasarora06) |
Bug Bounty | 2020-03-17 | 2023-06-13 |
| 3529 | Two Factor Authentication Bypass [ $50 ] |
MFA bypass |
NA |
Aung Pyae Ko Ko (@BlcKVRtuL1) |
Bug Bounty | 2020-04-24 | 2023-06-13 |
| 3378 | From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration |
Information disclosure
MFA bypass |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2020-06-19 | 2023-06-13 |
| 3280 | How I bypassed 2fa in a 3 years old private program! |
MFA bypass
Bruteforce
Lack of rate limiting |
NA |
Shivangx01b (@shivangx01b) |
Bug Bounty | 2020-07-26 | 2023-06-13 |
| 3255 | Multi-factor Auth Bypass with Password Reset Function |
MFA bypass
Password reset
Account takeover |
NA |
Vaibhav Joshi (@vj0shii) |
Bug Bounty | 2020-08-02 | 2023-06-13 |
| 3226 | Cracking the 2FA |
MFA bypass |
NA |
Rushikesh Gaikwad (@rsg_1212) |
Bug Bounty | 2020-08-12 | 2023-06-13 |
| 3190 | Bug Bounty Failsx101[4] |
MFA bypass |
NA |
ArcherL (@realArcherL) |
Bug Bounty | 2020-08-26 | 2023-06-13 |
| 3172 | How response Manipulation got me a little, but sweet Bounty |
MFA bypass |
NA |
Tommaso De Ponti (@heytdep) |
Bug Bounty | 2020-09-07 | 2023-06-13 |
| 3146 | How I By-pass the login page and 2FA authentication….. |
Authentication bypass
OTP bypass
MFA bypass |
NA |
Harsh |
Bug Bounty | 2020-09-20 | 2023-06-13 |
| 2745 | How I Might Have Hacked Any Microsoft Account |
Account takeover
Password reset
Bruteforce
MFA bypass |
Microsoft |
Laxman Muthiyah (@laxmanmuthiyah) |
Bug Bounty | 2021-03-02 | 2023-06-13 |
| 2725 | Business Logic Error on Registration Leads to SMS Validation Bypass |
MFA bypass |
NA |
pleorqy (@pleorqy) |
Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2671 | Bragging Rights: Let’s head back to bug bucket |
XSS
IDOR
MFA bypass |
NA |
Manas Harsh (@ManasH4rsh) |
Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2565 | 2FA Verification Bypass in Shapeshift [shapeshift.com] (Write Up) |
MFA bypass |
Shapeshift |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2021-05-10 | 2023-06-13 |
| 2556 | 2FA Bypass via Forced Browsing |
MFA bypass |
NA |
Akhil |
Bug Bounty | 2021-05-15 | 2023-06-13 |
