Lab 2: 2FA Bypass

Goal: access the account while bypassing the OTP validation step.

Intentional vulnerability: an insecure legacy backup flow accepts ?backup=true and marks the session as authenticated, skipping OTP validation.
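The flaw next to a corrected OTP step, as an added example that is not the lab's own code. The session layout, the function names, the backup_code parameter and the sample OTP and backup code are assumptions constructed for illustration; only the backup=true flag comes from this page.

```python
import hmac

# Constructed sample value; the lab page does not show its OTP.
EXPECTED_OTP = "492817"


def new_session(user):
    # State after step 1 (password accepted), before the OTP step.
    return {"user": user, "password_ok": True, "authenticated": False}


def _same(a, b):
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode(), b.encode())


def otp_step_vulnerable(session, params):
    # Flaw described above: a client-supplied flag selects a legacy
    # branch that completes login without checking any second factor.
    if params.get("backup") == "true":
        session["authenticated"] = True
        return session
    if _same(params.get("otp", ""), EXPECTED_OTP):
        session["authenticated"] = True
    return session


def otp_step_hardened(session, params, backup_codes):
    # Request parameters may carry candidate secrets, but never decide
    # the outcome. The backup path verifies a server-side, single-use
    # code (hypothetical backup_code parameter) and consumes it.
    if not session.get("password_ok"):
        return session
    otp = params.get("otp", "")
    code = params.get("backup_code", "")
    if otp and _same(otp, EXPECTED_OTP):
        session["authenticated"] = True
    elif code and code in backup_codes:
        backup_codes.discard(code)  # a used code cannot be replayed
        session["authenticated"] = True
    return session
```

In the hardened step, backup=true is simply ignored: the session stays unauthenticated unless a valid OTP or an unused backup code is presented.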

Step 1: Password Login

Use credentials: analyst / rat123
