W-MFA-BYPASSCredential Access

MFA Bypass

Race conditions, brute-force OTP with no rate limit, downgrade auth flow, abuse of recovery / trusted-device flow.

§ Where this technique fits

W-MFA-BYPASS is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 5 on average.

§ Dossiers chaining this technique

IMSI catcher → force 2G downgrade → SMS / call intercept
Operate a rogue base station in the target area. Phones associate; force fallback to 2G where no mutual auth is required. Intercept SMS OTPs, sniff voice calls, push notifications fail silently.
step 5 / 5

§ Where this technique fits

§ Dossiers chaining this technique

IMSI catcher → force 2G downgrade → SMS / call intercept