Grab: Two-factor authentication bypass on Grab Android App
Description: I found the endpoint using the Android app, https://p.grabtaxi.com/api/passenger/v2/profiles/edit, which allows me to bypass the 2FA SMS code due to a lack of rate limiting/code expiration after unsuccessful attempts. The root cause of the problem is these facts: no rate limiting + no code expiratio...
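The two gaps the report names (no rate limiting, no code expiration after failed attempts) are closed on the server side. The sketch below is an added example, not code from the report or from Grab; the class name, the policy values and the in-memory store are assumptions.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5   # assumed policy: wrong guesses allowed per account
CODE_TTL = 300     # assumed policy: seconds a code stays valid
LOCKOUT = 900      # assumed policy: seconds an account stays locked

class OtpVerifier:
    """In-memory stand-in for a server-side store shared by all API nodes."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.codes = {}      # account -> (code, issued_at)
        self.failures = {}   # account -> wrong guesses since last success
        self.locked = {}     # account -> time at which the lock ends

    def _is_locked(self, account):
        return account in self.locked and self.clock() < self.locked[account]

    def issue(self, account):
        # A locked account gets no fresh code, so re-requesting cannot reset the budget.
        if self._is_locked(account):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.codes[account] = (code, self.clock())  # replaces any older code
        return code  # delivered by SMS only, never echoed to the client

    def verify(self, account, submitted):
        if self._is_locked(account):
            return "locked"
        entry = self.codes.get(account)
        if entry is None:
            return "no_active_code"
        code, issued_at = entry
        if self.clock() - issued_at > CODE_TTL:
            del self.codes[account]
            return "expired"
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self.codes[account]           # single use
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            del self.codes[account]           # burn the code after too many misses
            self.failures.pop(account, None)
            self.locked[account] = self.clock() + LOCKOUT
            return "locked"
        return "wrong_code"
```

The failure counter is keyed by account rather than by session or IP address and survives re-issuing a code, so the guess budget applies to the account regardless of which client sends the requests.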