You can bypass TikTok’s MFA by logging in via a browser

A month after TikTok rolled out multi-factor authentication (MFA) for its users, a ZDNet reader discovered that the company’s new security feature was only enabled for the mobile app but not its website. This lapse in TikTok’s MFA implementation opens the door for scenarios where a malicious threat actor could bypass MFA by logging into an account with compromised credentials via its website, rather than the mobile app.

Read full article on ZDNet

 


Date:

Categorie(s):

Tag(s):