Account verification code bypass lead to a $4000 bounty

  1. Users can unblock from the login device.
  2. Block device login again and for security, redirect.com sends a 4-digit code to the user's email address.
{
"otp":[
"1234",
"1111",
"1337",
"2222",
"3333",
"4444",
"5555"
]
}

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store