{"id":9341,"date":"2013-02-26T09:55:48","date_gmt":"2013-02-26T15:55:48","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=9341"},"modified":"2013-02-26T09:57:47","modified_gmt":"2013-02-26T15:57:47","slug":"bypassing-googles-two-factor-authentication","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=9341","title":{"rendered":"Bypassing Google\u2019s Two-Factor Authentication"},"content":{"rendered":"<blockquote><p>TL;DR \u2013 An attacker can bypass Google\u2019s two-step login verification, reset a user\u2019s master password, and otherwise gain full account control, simply by capturing a user\u2019s application-specific password (ASP).<\/p><\/blockquote>\n<p>via <a href=\"https:\/\/blog.duosecurity.com\/2013\/02\/bypassing-googles-two-factor-authentication\/\">Bypassing Google\u2019s Two-Factor Authentication &#8211; Blog \u00b7 Duo Security<\/a>.<\/p>\n<p>Also From:\u00a0 <a href=\"http:\/\/www.darkreading.com\/identity-and-access-management\/167901114\/security\/vulnerabilities\/240149383\/google-security-vulnerability-allowed-two-step-verification-bypass.html\">Google Security Vulnerability Allowed Two-Step Verification Bypass &#8211; Dark Reading<\/a>.<\/p>\n<blockquote><p>A successful attack would require first stealing a user&#8217;s ASP, which could theoretically be accomplished via malware or a phishing attack.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>TL;DR \u2013 An attacker can bypass Google\u2019s two-step login verification, reset a user\u2019s master password, and otherwise gain full account control, simply by capturing a user\u2019s application-specific password (ASP). via Bypassing Google\u2019s Two-Factor Authentication &#8211; Blog \u00b7 Duo Security. Also &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=9341\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[287],"tags":[414,427,423,692],"class_list":["post-9341","post","type-post","status-publish","format-standard","hentry","category-interfaces","tag-authentication","tag-exploit","tag-google","tag-user-management"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/9341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9341"}],"version-history":[{"count":2,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/9341\/revisions"}],"predecessor-version":[{"id":9343,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/9341\/revisions\/9343"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9341"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}