Description of the issue:
MFA bypass flaw that allows a potential threat actor to bypass MFA on websites.
Steps to Reproduce (add as many as necessary): 1. 2. 3.
I prefer not to list the steps as this is extremely easy to do and I prefer not to publicly disclose the steps.
Actual Result (gifs and screenshots are welcome!):
Allows websites that require MFA to be accessed without MFA, even after a reboot.
Expected result:
User should be required to use MFA every time when logging onto a website that requires it.
Reproduces how often:
Daily
Operating System and Brave Version (See the About Brave page in the main menu):
Windows 10 21H2
Brave V1.39.111 (May 24, 2022)
Additional Information:
I believe that this is a seriously dangerous security flaw that I’m able to reproduce across machines on a regular basis. Please email me to let me know how best to provide full disclosure.