MobileNews

TikTok fixed a security hole in its Android app that bypassed two-factor authentication [Video]

bypass two-factor authentication

A vulnerability has just been disclosed in the TikTok app for Android, as well as TikTok on the web which made it relatively easy to bypass two-factor authentication entirely.

Uncovered by Lu3ky-13 on HackerOne, TikTok’s Android app had a gaping security hole that allowed users to bypass two-factor authentication without any special tools or methods. The vulnerability simply brute forces the login page, repeatedly logging in over and over again until, eventually, the two-factor authentication page is skipped and TikTok allows for a successful login to the account.

TikTok summarized the issue:

A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in quick succession. It was found that this vulnerability required access to the user’s email/password or phone number/code associated with the account and multiple bruteforcing attempts to bypass would be needed.

The vulnerability was first reported to TikTok in October 2022 and was patched in mid-December 2022 and is no longer active.

Of course, this vulnerability in TikTok assumes that a malicious party has your correct username and password. While this has been fixed, it’s a good reminder to keep up with password security, especially with recent security breaches such as the LastPass hack in recent memory.

You can see the vulnerability in action below.

More on Android:



Author: Ben Schoon
Source: 9TO5Google

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!