| 5099 | How I bypassed State Bank of India OTP. |
OTP bypass |
State Bank of India |
Neeraj Sonaniya (@neeraj_sonaniya) |
Bug Bounty | 2017-02-20 | 2023-06-13 |
| 4842 | #BugBounty — How I could book cab using your wallet money in India’s largest auto transportation company! |
OTP bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-03-05 | 2023-06-13 |
| 4721 | [Responsible disclosure] How I could have booked movie tickets through other user accounts |
Password reset
Account takeover
Bruteforce
OTP bypass |
AGS Cinemas |
Bharathvaj Ganesan |
Bug Bounty | 2018-06-18 | 2023-06-13 |
| 4583 | User Account takeover in India’s largest digital business company |
Account takeover
OTP bypass |
NA |
Minali Arora (@AroraMinali) |
Bug Bounty | 2018-09-16 | 2023-06-13 |
| 4380 | Yes I can see your OTP |
IDOR |
NA |
Vulnerables |
Bug Bounty | 2019-01-03 | 2023-06-13 |
| 3934 | Oculus identity verification bypass through brute-force |
OTP bypass
Lack of rate limiting |
Meta / Facebook |
karthik kumar reddy (@karthiksunny007) |
Bug Bounty | 2019-09-09 | 2023-06-13 |
| 3919 | OTP Manipulation |
OTP bypass |
NA |
Kishan choudhary (@choudhary_1337) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3877 | How I was able to bypass OTP code requirement in Razer [The story of a critical bug] |
OTP bypass |
Razer |
Ananda Dhakal (@dhakal_ananda) |
Bug Bounty | 2019-10-16 | 2023-06-13 |
| 3653 | Tale of Account Takeovers (Part-1) |
Account takeover
HTTP parameter pollution
Password reset
OTP bypass |
NA |
Vijaysimha Reddy Bathini (@fatratfatrat) |
Bug Bounty | 2020-02-22 | 2023-06-13 |
| 3616 | OTP Bypass - Developer’s Check |
OTP bypass |
NA |
Shrey Shah (@ShreySh43332033) |
Bug Bounty | 2020-03-11 | 2023-06-13 |
| 3599 | Razer mobile PIN verification bypass $1k Bug |
OTP bypass
MFA bypass |
Razer |
Sourav Sahana (@kernel_rider) |
Bug Bounty | 2020-03-17 | 2023-06-13 |
| 3598 | How I was able to verify any contact number for my account? |
OTP bypass
MFA bypass |
NA |
Paras Arora (@parasarora06) |
Bug Bounty | 2020-03-17 | 2023-06-13 |
| 3577 | OTP Bruteforce- Account Takeover |
OTP bruteforce
Account takeover |
NA |
Ranjit Kumar |
Bug Bounty | 2020-03-29 | 2023-06-13 |
| 3551 | Hacking a Telecommunication company(MTN) |
OTP bypass
Bruteforce |
MTN Group |
Afolic |
Bug Bounty | 2020-04-13 | 2023-06-13 |
| 3544 | OTP Verification Bypass |
OTP bypass |
NA |
Kanhaiya Kumar Singh |
Bug Bounty | 2020-04-17 | 2023-06-13 |
| 3460 | My First Bug Bounty — 2 Factor Authentication Bypass |
OTP bypass |
NA |
Talatmehmood |
Bug Bounty | 2020-05-22 | 2023-06-13 |
| 3458 | Story About OTP Bypass To Stored XSS |
OTP bypass
Stored XSS |
NA |
PJ Borah (@PJBorah1) |
Bug Bounty | 2020-05-23 | 2023-06-13 |
| 3398 | Account Takeover via OTP Bruteforce (Apigee API) |
OTP bypass
Bruteforce
Lack of rate limiting |
NA |
Vishnuraj |
Bug Bounty | 2020-06-13 | 2023-06-13 |
| 3314 | Phone number validation bypass through url path manipulation . |
OTP bypass |
NA |
ben aymen (@ben_aymen_182) |
Bug Bounty | 2020-07-10 | 2023-06-13 |
| 3261 | Bypassing OTP via reset password |
OTP bypass |
NA |
Ahmed Cj (@0x0Cj) |
Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3160 | Account takeover by OTP bypass |
OTP bypass |
NA |
Bhavarth Kandoria |
Bug Bounty | 2020-09-13 | 2023-06-13 |
| 3146 | How I By-pass the login page and 2FA authentication….. |
Authentication bypass
OTP bypass
MFA bypass |
NA |
Harsh |
Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3131 | 5 Ways to do Account Takeover in a Single Website |
Account takeover
Lack of rate limiting
OTP bypass
IDOR
OAuth
JWT |
NA |
letmeslidein (@VasuYadaav) |
Bug Bounty | 2020-09-27 | 2023-06-13 |
| 3069 | Rate Limit Bypassing Allowing Identity Spoofing |
Rate limiting bypass
OTP bypass |
NA |
Mohamed Talaat (@T4144t) |
Bug Bounty | 2020-10-29 | 2023-06-13 |
| 2866 | BMW Bug Bounty – Account Verification Bypass writeup |
OTP bypass
Bruteforce
Lack of rate limiting |
BMW |
Pethuraj (@Pethuraj) |
Bug Bounty | 2021-01-26 | 2023-06-13 |
