Skip navigation

Duo Labs: Paypal Two-Factor Bypass

Security researcher Zach Lanier walks through a bypass he discovered that allowed him to view his recent activity via the iOS app by logging in without completing two-factor authentication.

Watch the video to see exactly how Zach was able to send money, see info about his account/wallet and more information about Paypal’s two-factor implementation flaws.