Website Bug: Bypassing 2FA Action when clearing session

Sonostrano20 · July 7, 2025, 11:41am

MOVED TO HACKERONE

Visual Aids: (Check Private Message)
Direct Links: Log in to Roblox
Browser Information: Chrome 138 on Windows 11
Short Description: Following this method you are able to bypass 2FA in an Account, this should be patched ASAP as bad actor could easily steal your account

Expected behavior

I Should be always be prompted to Insert 2FA code

A private message is associated with this bug report (All info on hackerone)

Mmm_Wafflez · July 7, 2025, 1:15pm

If this is a real and pertinent security bypass report it here and you will be paid:

c1rcuitbent · July 7, 2025, 1:35pm

iirc you need to provide ID and/or be over 18 to use HackerOne

Sonostrano20 · July 7, 2025, 1:39pm

Thank you @Mmm_Wafflez

Just filled out a report on hacker one, with all the steps!