Coinbase Partial 2FA Bypass On Enabling Recurring Payments.
Hello Users,
While i was pentesting Coinbase I noticed that while creating Recurring payment meanwhile when 2FA is enabled it asks a user to enter verification code.
So when someone confirm the recurring payment a request is sent to :
POST /recurring_payments/58087a3d6861ee015644fc48/confirm HTTP/1.1 Host: beta.coinbase.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://beta.coinbase.com/recurring_payments X-NewRelic-ID: XA4HVVZTGwIAVFVXBAAG X-CSRF-Token: /hSt/DD82VwI6ks+4P0VTHTDULz5EhHKowGAGfryWcVCZd47s+rQZDCgr70pJK4EeFHkKWRd0SJbVq1K64IZLA== Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 28 Cookie: MY_COOKIE utf8=%E2%9C%93&_method=patch
Now when someone delete this recurring payment there is no such option to restore it meaning that once it is deleted its forever GONE and note that for re-creating it you need a VERIFICATION CODE (2FA code).
But if someone repeat the request which was obtained while confirming payment the recurring payment is restored to particular payment ID.
Cheers!!
While This made it more special 🙂
Bugdiscloseguys