Avira Bug PoC (Broken Authentication in Two Step Verification)
Ahmad Halabi

Published on Nov 8, 2019

This is my third finding in Avira. This bug is a broken authentication flow in their two-step verification system.
Impact: Multiple users are unable to log in to their accounts if two-step verification is enabled on these accounts using the same phone number.

Note: I also found another bug where I was able to bypass the two-step verification process and log in to these accounts without entering the passcode. (This bug is not fixed yet.)

I was awarded a certificate of appreciation from Avira.

Report Timeline:
Jun 13, 2019: Report sent (two bugs)
Jun 14, 2019: Report triaged
Oct 30, 2019: 1st bug fixed
Oct 31, 2019: Certificate awarded

Visit my website: https://ahmadhalabi.net
Follow me on Facebook: /dragon.shaheen1
Follow me on Instagram: /ahmad_shn1
