🍡[Severity 2] Broken Authentication

Notes about Broken Authentication & the practical.

Authentication and session management are core components of web applications. Authentication verifies a user's identity and issues them a session cookie. The cookie is needed because web servers communicate over HTTP(S), which is stateless; attaching a cookie lets the server recognise who is sending each request and keep track of their actions.

Ways to mitigate this are for the application to enforce strong passwords, apply an automatic lockout against brute-force attacks, and implement 2FA or multi-factor authentication.

Practical

To log in to Darren's and Arthur's accounts, I simply had to register a new account under each username, except with a space before the name.

Darren's account flag.

The authentication system on the website was broken, which made it very easy to get into both accounts and retrieve the flags: the registration check treated " darren" as a different username from "darren", while the account data was still served for darren.
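As an added illustration of why the practical worked (this is constructed example code, not code from the room or from this page), here is a registration and profile-lookup pair that compares raw username strings beside one that canonicalises usernames in every path. The trimming profile lookup in the vulnerable version is an assumption about how the app behaved, chosen to reproduce what the practical observed; the user data and flag values are constructed samples.

```python
import unicodedata

# Constructed in-memory "database": username -> account data (sample values)
USERS = {"darren": "flag{constructed-darren}", "arthur": "flag{constructed-arthur}"}
NEW_ACCOUNT_DATA = "no flag for a fresh account"


def canonical(username: str) -> str:
    """One canonical form used for every comparison: Unicode NFKC
    normalisation, surrounding whitespace stripped, case-folded."""
    return unicodedata.normalize("NFKC", username).strip().casefold()


def register_vulnerable(db: dict, username: str) -> bool:
    """Uniqueness check on the raw string: ' darren' != 'darren', so the
    near-duplicate is accepted. This is the defect the practical relied on."""
    if username in db:
        return False
    db[username] = NEW_ACCOUNT_DATA
    return True


def profile_vulnerable(db: dict, username: str) -> str:
    """Assumed inconsistent read path: the profile lookup trims the name
    before the query, so a ' darren' session is served darren's data."""
    return db.get(username.strip(), "")


def register_hardened(db: dict, username: str) -> bool:
    """Store and compare only the canonical form, so ' darren', 'Darren'
    and full-width lookalikes all collide with the existing 'darren'."""
    canon = canonical(username)
    if not canon or canon in db:
        return False
    db[canon] = NEW_ACCOUNT_DATA
    return True


def profile_hardened(db: dict, username: str) -> str:
    """Same canonicalisation on read as on write: no path can disagree
    about which account a name refers to."""
    return db.get(canonical(username), "")
```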
