A security researcher has uncovered a simple method for bypassing PayPal s two-factor authentication mechanism. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The problem is that the integrated registration function doesn t check for the 2FA code, which the user should have to enter before being logged in. The bug was disclosed to PayPal in June, but the company said it planned to fix it a month ago.
Source: https://threatpost.com/another-bypass-identified-in-paypal-2fa/107605/