Email or username:

Password:

Forgot your password?
r000t's posts Post Back to profile
r000t

Riot Games 2FA implementation is inherently broken: The same code can be used multiple times.

The code is also emailed to you, and email is known to be an insecure channel. You do not have the option to use your own TOTP application to generate login codes.

Riot Games responded to a report saying that the system is "working as intended"

Lesson? Phish Riot accounts. They will do nothing to stop you.

Also, HackerOne is an absolute fucking joke.

12 May 2022 at 13:26 | Open on infosec.exchange
1 comment
r000t

"A 2FA bypass is not a bug because you'd need to know the username and password to use it"

uhhhhh folks what do you think 2FA is for?
12 May 2022 at 13:29 | Open on infosec.exchange
Go Up