Authentication Vulnerabilities - Lab #8 2FA broken logic | Short Version

In this video, we cover Lab #8 in the Authentication module of the Web Security Academy. This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, we access Carlos's account page.

Your credentials: wiener:peter

Victim's username: carlos

You also have access to the email server to receive your 2FA verification code.

Support Me

Buy my course: https://academy.ranakhalil.com/p/web-...

Links

Notes.txt document: https://github.com/rkhal101/Web-Secur...

Web Security Academy Lab Exercise: https://portswigger.net/web-security/...

Rana's Twitter account: / rana__khalil
