Keyless Entry

WebAuthn · Credential ID Replay · Easy

// scenario

You have compromised a user's password through credential stuffing. The application enforces Passkey-based 2FA: after entering the correct password, the user must complete a WebAuthn assertion with their registered authenticator before a session is granted.

// objective

Bypass the Passkey 2FA step and gain access to the dashboard without a valid authenticator assertion. The flag is on the dashboard.

// rules

  • Register an account and set up a passkey to understand the normal flow
  • Log out and attempt to bypass the passkey verification step
  • You may use Burp Suite or any HTTP interception proxy
  • The vulnerability is in the server-side verification logic
  • Do not attempt to attack the platform infrastructure

// flag format

ADVERSLY{...}
