Hi guys, I came across the following blog post on Medium describing a method of bypassing OTP:
https://systemweakness.com/bypassing-otp-verification-797851057e79
I want to prevent this in my applications, but the article doesn't actually say which tool is used to perform the modified-header attack.
Does anyone know how this is achieved? I know about HTTP catcher tools but am not aware of a tool that can successfully modify the request. Can anyone shine some light on this, as I see this as a serious security flaw that needs attention?
Thank you
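The kind of tampering the post asks about is done with an intercepting proxy (Burp Suite, OWASP ZAP or mitmproxy all let you pause a request or response and edit headers, JSON fields or status codes before forwarding them). Whether that edit bypasses OTP depends entirely on whether the server trusts something the client sent. The following is an added example, not code from the post or the linked article, that contrasts a vulnerable check that trusts a client-controlled flag with a hardened check that compares against server-side state only. The header name `X-OTP-Verified`, the `otp_verified` JSON field and the in-memory `OTP_STORE` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side store: session id -> OTP record. In a real
# application this lives in a database or cache; the client never sees it.
OTP_STORE = {}
OTP_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed lockout threshold


def issue_otp(session_id, now=None):
    """Generate a 6-digit code, store only its hash server-side and return the
    code so the caller can deliver it out of band (SMS, email, authenticator)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    OTP_STORE[session_id] = {
        "digest": hashlib.sha256(code.encode()).hexdigest(),
        "expires": now + OTP_TTL_SECONDS,
        "attempts": 0,
        "verified": False,
    }
    return code


def verify_otp_vulnerable(request):
    """Vulnerable pattern: the decision is driven by a client-controlled value.
    Anything an intercepting proxy can add or edit (a header, a JSON flag)
    decides the outcome, so the real OTP is never needed.
    `request` is a constructed dict standing in for a parsed HTTP request."""
    if request.get("headers", {}).get("X-OTP-Verified") == "true":   # hypothetical header
        return True
    body = request.get("json", {})
    return body.get("otp_verified") is True                            # hypothetical flag


def verify_otp_hardened(session_id, submitted_code, now=None):
    """Hardened pattern: the only client input is the submitted code. Expiry,
    attempt counting, single use and the comparison itself all use the
    server's own record, so editing the request cannot short-circuit it."""
    now = time.time() if now is None else now
    rec = OTP_STORE.get(session_id)
    if rec is None or rec["verified"]:
        return False                       # no pending code, or already consumed
    if now > rec["expires"]:
        del OTP_STORE[session_id]
        return False                       # expired: force re-issue
    if rec["attempts"] >= MAX_ATTEMPTS:
        del OTP_STORE[session_id]
        return False                       # brute-force lockout
    rec["attempts"] += 1
    submitted_digest = hashlib.sha256(str(submitted_code).encode()).hexdigest()
    if hmac.compare_digest(submitted_digest, rec["digest"]):   # constant-time compare
        rec["verified"] = True             # mark consumed so the code is one-time
        return True
    return False


def is_session_verified(session_id):
    """Later request handlers must ask the server's record, never the client."""
    rec = OTP_STORE.get(session_id)
    return bool(rec and rec["verified"])


if __name__ == "__main__":
    # Constructed tampered request: wrong code, but the proxy-added header wins.
    tampered = {"headers": {"X-OTP-Verified": "true"}, "json": {"otp": "000000"}}
    print("vulnerable check, tampered request:", verify_otp_vulnerable(tampered))

    # Same wrong code against the hardened check is rejected.
    real_code = issue_otp("sess-1")
    print("hardened check, wrong code:", verify_otp_hardened("sess-1", "000000"))
    print("hardened check, real code:", verify_otp_hardened("sess-1", real_code))
    print("session verified server-side:", is_session_verified("sess-1"))
```

The same reasoning applies to the response direction: if the client-side code only checks whether the server replied `{"success": true}`, editing that response in the proxy lets the browser proceed, but the server still holds `verified: False` and must refuse every subsequent privileged request, which is what `is_session_verified` enforces.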