10-22-2025, 12:30 PM
Medium
resolved
resolved
2FA bypass possible on https://authsvc.singlestore.com
Bug reported by Axolot was disclosed at October 22, 2025, 6:44 am | Authentication Bypass
A vulnerability was discovered that allowed the 2FA authentication mechanism to be bypassed completely. An attacker could access the victim's account by only knowing the email address and password, without requiring the 2FA code.