web-vuln-mfa-bypass
Community
Uncover MFA bypass risks with practical tests
System Documentation
What problem does it solve?
Systematically tests Multi-Factor Authentication (MFA) implementations for bypass vulnerabilities including missing rate limiting, OTP reuse, response manipulation, race conditions on OTP submission, direct navigation to post-MFA pages, backup code handling flaws, MFA disable without re-verification, session fixation pre-MFA, predictable OTP values, and client-side MFA state storage.
Core Features & Use Cases
- Map the MFA flow to identify verification endpoints and parameter names.
- Validate rate limiting, OTP reuse protections, response integrity, and post-MFA access controls.
- Assess client-side MFA state exposure and potential bypass vectors.
Quick Start
Map the MFA flow for your test application and run the included checks for rate limiting, OTP reuse, response integrity, and direct post-MFA access.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: web-vuln-mfa-bypass Download link: https://github.com/woohyun212/security-skill/archive/main.zip#web-vuln-mfa-bypass Please download this .zip file, extract it, and install it in the .claude/skills/ directory.