I discuss an interesting attack vector which not many people do to possibly bypass 2 factor authentication in a web application.
Discussing a under rated sub bug class of Buisness Logic Flaws in web apps that deserves more attention.