Access Control: MFA Bypass¶
Identifier:
mfa_bypass
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Multi-factor authentication (MFA) bypass vulnerabilities occur when an application accepts an incomplete authentication state as fully authenticated — for instance when the intermediate token issued after the first factor, before the second factor is verified, is already accepted on protected endpoints. An attacker who only holds the first factor can then skip the second factor entirely.
How we test: We complete the first authentication factor to obtain the intermediate (pre-MFA) token, then replay it against a protected resource. If that token authenticates as the full user without the second factor ever being verified, the MFA control is bypassable.
References:
- https://owasp.org/API-Security/editions/2023/en/0xa2-broken-authentication/
- https://cwe.mitre.org/data/definitions/287.html
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.