Skip to content

Access Control: MFA Bypass

Identifier: mfa_bypass

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Multi-factor authentication (MFA) bypass vulnerabilities occur when an application accepts an incomplete authentication state as fully authenticated — for instance when the intermediate token issued after the first factor, before the second factor is verified, is already accepted on protected endpoints. An attacker who only holds the first factor can then skip the second factor entirely.

How we test: We complete the first authentication factor to obtain the intermediate (pre-MFA) token, then replay it against a protected resource. If that token authenticates as the full user without the second factor ever being verified, the MFA control is bypassable.

References:

Configuration

Example

Example configuration:

---
security_tests:
  mfa_bypass:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.