Description
- Hello Team, I found one issue related to your 2FA system on https://namelessmc.com/user/settings/?do=enable_tfa&s=2
Vulnerability Type:
- Improper Access Control - Generic
STEPS TO REPRODUCE:
- 1- Access the same account on https://namelessmc.com/ on two devices
- 2- On device 'A', go to https://namelessmc.com/user/settings/?do=enable_tfa&s=2 > complete all steps to change the 2FA system
- -> Now the 2FA is activated from Phone number/Email
- 3- Back on device 'B', reload the page
- -> The session is still active and also I have updated the new email.
- 4- For more details, check the POC
Proof of Concept:
POC VIDEO
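The behaviour in the reproduction steps, modelled as an added example (not NamelessMC's code and not part of the report): an in-memory session table where enabling 2FA either leaves the user's other sessions alone, as reported, or revokes them and reissues the current one, a common mitigation. `SessionStore`, `enable_tfa_vulnerable`, `enable_tfa_hardened` and `replay` are hypothetical names, and the users are constructed sample data.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""
    sessions: dict = field(default_factory=dict)    # token -> user id
    tfa_enabled: set = field(default_factory=set)   # user ids with 2FA on

    def login(self, user_id):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return token

    def is_active(self, token):
        return token in self.sessions

    def enable_tfa_vulnerable(self, token):
        # Reported behaviour: 2FA is switched on, existing sessions are untouched.
        self.tfa_enabled.add(self.sessions[token])
        return token

    def enable_tfa_hardened(self, token):
        # Mitigation: a change of authentication factors revokes every session
        # of that user, then the requesting device gets a fresh token.
        user_id = self.sessions[token]
        self.tfa_enabled.add(user_id)
        for stale in [t for t, u in self.sessions.items() if u == user_id]:
            del self.sessions[stale]
        return self.login(user_id)


def replay(enable):
    """Replay the report's steps: two devices, 2FA enabled on device A."""
    store = SessionStore()
    device_a = store.login("alice")   # constructed sample users
    device_b = store.login("alice")
    unrelated = store.login("bob")
    device_a = enable(store, device_a)
    return {
        "device_a_active": store.is_active(device_a),
        "device_b_active": store.is_active(device_b),
        "other_user_active": store.is_active(unrelated),
    }


if __name__ == "__main__":
    print("vulnerable:", replay(SessionStore.enable_tfa_vulnerable))
    print("hardened:  ", replay(SessionStore.enable_tfa_hardened))
```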