Hi, I would like to share how I was able to bypass 2FA. This is a private program on Hackerone, so we will call it example.com.
What is 2FA:
2FA is used as another layer of security to prevent Attackers from accessing the account if the attacker stole the password.
I went to the website and enabled 2FA, then logged out and try to login again.
The website asked to enter the 2FA code and the url was like:
An idea came to my mind to enter the url of the dashboard directly which was like:
and I was able to bypass 2FA and access the account.