Description of the issue:
MFA bypass flaw that allows a potential threat actor to bypass MFA on websites.
Steps to Reproduce (add as many as necessary): 1. 2. 3.
I prefer not to list the steps as this is extremely easy to do and I prefer not to publicly disclose the steps.
Actual Result (gifs and screenshots are welcome!):
Allows access websites that require MFA to be accessed without MFA even after a reboot.
User should be required to use MFA every time when logging onto a website that requires it.
Reproduces how often:
Operating System and Brave Version(See the
About Brave page in the main menu):
Windows 10 21H2
Brave V1.39.111 (May 24, 2022)
I believe that this is a seriously dangerous security flaw that I’m able to reproduce across machines on a regular basis. Please email me to let me know how best to provide full discloser.