Coinbase Partial 2FA Bypass On Enabling Recurring Payments.
While i was pentesting Coinbase I noticed that while creating Recurring payment meanwhile when 2FA is enabled it asks a user to enter verification code.
So when someone confirm the recurring payment a request is sent to :
Now when someone delete this recurring payment there is no such option to restore it meaning that once it is deleted its forever GONE and note that for re-creating it you need a VERIFICATION CODE (2FA code).
But if someone repeat the request which was obtained while confirming payment the recurring payment is restored to particular payment ID.
While This made it more special 🙂