{"id":20493850,"url":"https://github.com/qeeqbox/two-factor-authentication-sim-cloning","last_synced_at":"2026-03-10T04:32:06.801Z","repository":{"id":104219205,"uuid":"517132939","full_name":"qeeqbox/two-factor-authentication-sim-cloning","owner":"qeeqbox","description":"An adversary may utilize a sim swapping attack for defeating 2fa authentication","archived":false,"fork":false,"pushed_at":"2024-01-29T01:13:41.000Z","size":238,"stargazers_count":14,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-05T17:51:52.112Z","etag":null,"topics":["2factor","authintacation","bypass","infosecsimplified","qeeqbox","vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-23T18:18:23.000Z","updated_at":"2025-01-16T04:32:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"ffc79772-5eea-461f-8f29-29d859cc4c20","html_url":"https://github.com/qeeqbox/two-factor-authentication-sim-cloning","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/qeeqbox/two-factor-authentication-sim-cloning","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Ftwo-factor-authentication-sim-cloning","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Ftwo-factor-authentication-sim-cloning/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Ftwo-factor-authentication-sim-cloning/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Ftwo-factor-authentication-sim-cloning/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/two-factor-authentication-sim-cloning/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Ftwo-factor-authentication-sim-cloning/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30324417,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T01:36:58.598Z","status":"online","status_checked_at":"2026-03-10T02:00:06.579Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2factor","authintacation","bypass","infosecsimplified","qeeqbox","vulnerability"],"created_at":"2024-11-15T17:37:03.677Z","updated_at":"2026-03-10T04:32:06.780Z","avatar_url":"https://github.com/qeeqbox.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/two-factor-authentication-sim-cloning/main/two-factor-authentication-sim-cloning.png\"\u003e\u003c/p\u003e\n\nAn adversary may utilize a sim swapping attack for defeating 2fa authentication.\n\n## Example #1\n1. Adversary steals the username and password pair for website\n2. Adversary compromises the victim's sim card and clone it\n3. Adversary logs in with the stolen username and password\n4. Adversary receives a pin code on the compromised phone and uses it for verification.\n\n## Impact\nHigh\n\n## Risk\n- gain unauthorized access\n\n## Redemption\n- use more factors\n\n## ID\n58a84977-90e1-4156-a555-8568e83115d0\n\n## References\n- [howtogeek](hthttps://www.howtogeek.com/668922/how-to-protect-yourself-from-sim-swapping-attacks/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Ftwo-factor-authentication-sim-cloning","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Ftwo-factor-authentication-sim-cloning","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Ftwo-factor-authentication-sim-cloning/lists"}