Canyoupwn.me ~

EN | Microsoft Authentication Bypass Vulnerability



The vulnerability allows you to confirm a phone number or e-mail address whether you own it or not, so the two-factor authentication verification is bypassed. Two-step verification must be active for the leak to occur, and at the same time 2FA verification must be made mandatory by the administrator. A phone number or e-mail address can be added to the corporate e-mail address without its owner knowing. This is very significant in terms of computer forensics: a criminal offense may appear attached to your e-mail address, confirmed by your phone, and put you in a criminal position. Imagine that your phone number has been approved on WannaCry's e-mail address: Hello FBI, it's not me, it's 0day 🙂

Steps To Reproduce


The administrator must approve two-factor authentication and require you to add a phone number to your account when logging in.


I first tried it only through the phone number. When I realized that, I went on from the mail address.

Step 3:

Let us examine the outgoing request when we press the verification button:

When I examine the outgoing POST request and URL-decode it:

All you need to do is change the phone number or mail address with a proxy. Namely:


Got e-mail.
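The steps above suggest the confirmation request's phone number or mail address was accepted from the client. As an added example (not from the original post and not Microsoft's code), this constructed Python model contrasts a confirmation handler that trusts the contact in the request with one that binds the code to the contact it was issued for. All class, method and address names are hypothetical.

```python
import hmac
import secrets

class Enrollment:
    """Toy server-side state for 2FA contact enrollment (constructed model)."""

    def __init__(self):
        self.pending = {}    # session_id -> (contact, code) as issued by the server
        self.verified = {}   # session_id -> contact confirmed for the account
        self.outbox = []     # (contact, code) pairs "delivered"; stands in for SMS/mail

    def start(self, session_id, contact):
        # Issue a one-time code and remember which contact it was sent to.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[session_id] = (contact, code)
        self.outbox.append((contact, code))

    def confirm_trusting_client(self, session_id, contact_from_request, code):
        # Weak: checks the code, then records whatever contact the request names.
        _, expected = self.pending.get(session_id, (None, ""))
        if expected and hmac.compare_digest(code, expected):
            self.verified[session_id] = contact_from_request
            return True
        return False

    def confirm_bound(self, session_id, contact_from_request, code):
        # Hardened: the code is only valid for the contact it was delivered to,
        # a mismatching request is rejected, and the pending entry is single-use.
        contact, expected = self.pending.pop(session_id, (None, ""))
        if contact is None or contact_from_request != contact:
            return False
        if not hmac.compare_digest(code, expected):
            return False
        self.verified[session_id] = contact
        return True

def demo():
    # Constructed sample: code issued for one address, request names another.
    srv = Enrollment()
    srv.start("s1", "me@example.test")
    _, code = srv.outbox[-1]
    weak = srv.confirm_trusting_client("s1", "someone-else@example.test", code)
    weak_contact = srv.verified.get("s1")
    srv.verified.clear()
    strong = srv.confirm_bound("s1", "someone-else@example.test", code)
    return weak, weak_contact, strong, srv.verified.get("s1")
```

In the hardened handler the contact in the request is compared only for consistency; the value written to the account always comes from server-side state.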



Proof of Concept


October 10: Report Submitted
October 16: Report reviewed
October 18 – 21: Discussion
November 17: Report closed as resolved
Final: Award and hall of fame.

Best Regards
Berk İmran

About Berk İMRAN

Cyber security researcher
