What is broken authentication?
Broken authentication is when someone gains access to specific parts of a web application without logging in properly or without the required permissions.
Example:-
I have a web page named example.com/login.html
Once a person logs in with a proper username and password, he will be redirected to example.com/admin.html
What will broken authentication allow one to do?
Instead of going to the login page, one will directly type the address example.com/admin.html into the URL bar, and the admin page loads because the server never checks for a valid session.
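The following is an added example, not code from the original post, showing the defect behind Example 1 and its fix in a framework-free Python sketch. The user store, the Request/Response classes and the handler names are assumptions made for the example: the vulnerable handler serves admin.html to anyone who requests the URL, while the fixed handler looks the session cookie up in a server-side store and redirects to the login page when it is missing or unknown. Session tokens come from secrets.token_urlsafe, which is also what makes a cookie "complex" enough that editing it cannot produce a valid one.

```python
import secrets
from dataclasses import dataclass, field

# Constructed credential store for the example (hypothetical user).
# Kept in plain text only to keep the example short; real code stores hashes.
USERS = {"alice": "correct horse battery staple"}


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str
    set_cookie: dict = field(default_factory=dict)


class App:
    def __init__(self):
        # Server-side session store: token -> username.
        # Tokens are long random values, so a client cannot guess one or edit
        # an existing cookie into another user's valid session.
        self.sessions = {}

    def login(self, username, password):
        """POST example.com/login.html: verify credentials, start a session."""
        expected = USERS.get(username, "")
        if not secrets.compare_digest(expected, password):
            return Response(401, "bad credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return Response(302, "redirect to /admin.html", {"session": token})

    def admin_vulnerable(self, request):
        """GET example.com/admin.html, broken: it trusts that only users who
        came through the login page ever request this URL, so typing the
        address directly into the URL bar is enough to get the page."""
        return Response(200, "admin panel")

    def admin_fixed(self, request):
        """GET example.com/admin.html, fixed: the page is served only when the
        session cookie maps to a logged-in user in the server-side store."""
        user = self.sessions.get(request.cookies.get("session"))
        if user is None:
            return Response(302, "redirect to /login.html")
        return Response(200, f"admin panel for {user}")


if __name__ == "__main__":
    app = App()
    # Direct request with no session: the broken handler answers 200,
    # the fixed one sends the visitor back to the login page.
    print(app.admin_vulnerable(Request("/admin.html")).status)  # 200
    print(app.admin_fixed(Request("/admin.html")).status)       # 302
    token = app.login("alice", "correct horse battery staple").set_cookie["session"]
    print(app.admin_fixed(Request("/admin.html", {"session": token})).status)  # 200
```

The point of the fix is that the check happens on every request to the protected page, on the server, against state the client cannot forge; the redirect from the login page is only a convenience, never the control.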
Example 2:-
I have a web page named example.com/login.html
Once a person logs in with a proper username and password, the sensitive data will appear there and then.
What will broken authentication allow one to do?
It will allow one to attack the web page using methods like:-
- Credential stuffing (Dictionary attack)
- Automated attack (Brute force attack)
How do I fix it?
- Ask for multiple authentication factors
- Keep complex password requirements
- Download a big list of breached passwords, and if a user's password is in that list, notify them
- Limit login attempts
- Keep your website HTTPS
- Attackers may use cookie editors, so keep session cookies complex and unpredictable to prevent cookie stealing
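As an added example (not from the original post), here is how three of the fixes above fit together in code: complex password requirements, checking new passwords against a breached-password list, and limiting login attempts. The breached list, the limits (5 attempts, 300 second lockout) and the LoginGuard class are assumptions chosen for the example; the password hashing uses hashlib.pbkdf2_hmac from the standard library, and the clock is injectable so the lockout can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the "big list" of breached passwords the post
# mentions; a real deployment would load a published breach corpus.
BREACHED = {"123456", "password", "qwerty", "letmein"}

MIN_LENGTH = 12          # assumed complexity requirement
MAX_ATTEMPTS = 5         # assumed limit on consecutive failures
LOCKOUT_SECONDS = 300    # assumed lockout window after hitting the limit


def password_problems(password):
    """Return the list of reasons a password is rejected (empty if it is ok)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in BREACHED:
        problems.append("found in breached-password list")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class LoginGuard:
    def __init__(self, now=time.time):
        self.now = now
        self.credentials = {}   # username -> (salt, digest)
        self.failures = {}      # username -> (count, time of last failure)

    def register(self, username, password):
        """Enforce the password policy; return the problems, if any."""
        problems = password_problems(password)
        if problems:
            return problems
        self.credentials[username] = hash_password(password)
        return []

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'. Failures are counted for unknown
        users too, so the response does not reveal which usernames exist."""
        count, last = self.failures.get(username, (0, 0.0))
        if count >= MAX_ATTEMPTS:
            if self.now() - last < LOCKOUT_SECONDS:
                return "locked"
            count = 0  # lockout expired, start counting again
        record = self.credentials.get(username)
        if record is not None:
            salt, stored = record
            _, candidate = hash_password(password, salt)
            if hmac.compare_digest(stored, candidate):
                self.failures.pop(username, None)
                return "ok"
        self.failures[username] = (count + 1, self.now())
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    print(guard.register("bob", "password"))       # rejected, two problems
    print(guard.register("bob", "ViolinSunset-Harbor42"))   # []
    print(guard.attempt("bob", "ViolinSunset-Harbor42"))    # ok
```

The lockout is keyed on the username here, which slows down a brute-force attack on one account; credential stuffing spreads attempts across many accounts, so in practice the same counter is also kept per source IP and backed by the multi-factor requirement from the list above.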
Hope you enjoyed,
4YU3H41