Broken Authentication

By
Manieendar Mohan
Published on
24 Jun 2018
owasp

Broken authentication happens when application functions related to session management and authentication are implemented poorly. This allows attackers to compromise passwords or session tokens, or to exploit other implementation flaws to assume a user's identity.

Example

Most broken authentication attacks occur because passwords are still used as the sole factor for authentication. Forced password rotation and complexity requirements are viewed as encouraging users to choose and reuse weak passwords.

Impact

Attackers only have to gain access to a few accounts, or just one admin account, to compromise the whole system. Depending on the domain of the application, this may allow social security fraud or identity theft, and disclose legally protected, highly sensitive information.

Mitigation / Precaution

  • Temporarily blocking an IP that originated a high number of authentication errors in a brief period.
  • A tight password policy that rejects weak or well-known passwords and forbids default admin credentials.
  • Rotating the session ID after a successful login.
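The three mitigations above, combined into one small login flow. This is an added example and not code from the original article or from any product it mentions; the thresholds (5 failures in 60 seconds, 5 minute block), the short weak-password denylist and the in-memory user store are constructed assumptions for demonstration, and a real deployment would back them with a breached-password list and persistent storage.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

# Constructed denylists (assumption: a real deployment loads a large breached-password list).
WEAK_PASSWORDS = {"password", "123456", "qwerty", "admin", "letmein", "welcome"}
DEFAULT_ADMIN_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "toor")}

# Constructed thresholds for the failed-login throttle.
MAX_FAILURES = 5          # failures allowed inside FAILURE_WINDOW before a block
FAILURE_WINDOW = 60.0     # seconds
BLOCK_DURATION = 300.0    # seconds an IP stays blocked


class LoginThrottle:
    """Temporarily blocks an IP that produces many authentication errors in a short period."""

    def __init__(self, now=time.monotonic):
        self._now = now                     # injectable clock, so the logic is testable
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._blocked_until = {}             # ip -> monotonic time the block expires

    def is_blocked(self, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if self._now() >= until:             # block expired: forget it and start clean
            del self._blocked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip):
        """Returns True when this failure tips the IP over the threshold and blocks it."""
        now = self._now()
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > FAILURE_WINDOW:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._blocked_until[ip] = now + BLOCK_DURATION
            recent.clear()
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)


def password_is_acceptable(username, password):
    """Password policy: minimum length, no well-known passwords, no default admin credentials."""
    if len(password) < 12:
        return False
    if password.lower() in WEAK_PASSWORDS:
        return False
    if (username.lower(), password.lower()) in DEFAULT_ADMIN_CREDENTIALS:
        return False
    return True


class SessionStore:
    """Server-side sessions keyed by a random token; the token is rotated on login."""

    def __init__(self):
        self._sessions = {}  # session_id -> session data

    def create_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def rotate_on_login(self, old_sid, username):
        # Invalidate the pre-login id and issue a fresh one, so an id an attacker
        # planted or observed before authentication never becomes an authenticated session.
        data = self._sessions.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = dict(data, user=username)
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def make_user(username, password):
    """Constructed user record: salted PBKDF2 hash instead of a plaintext password."""
    if not password_is_acceptable(username, password):
        raise ValueError("password rejected by policy")
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)}


def login(throttle, sessions, users, ip, session_id, username, password):
    """Returns (new_session_id, 'ok') on success, (None, reason) otherwise."""
    if throttle.is_blocked(ip):
        return None, "blocked"
    record = users.get(username)
    # Hash even for unknown users so the response time does not reveal which names exist.
    salt = record["salt"] if record else b"\x00" * 16
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        throttle.record_failure(ip)
        return None, "invalid"
    throttle.record_success(ip)
    return sessions.rotate_on_login(session_id, username), "ok"
```

The clock is injected into `LoginThrottle` so the block expiry can be exercised without sleeping; `hmac.compare_digest` keeps the hash comparison constant-time, and the dummy hash for unknown usernames keeps the failure path's timing the same whether or not the account exists.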
Written by
Manieendar Mohan
Cyber Security Lead Engineer