Broken Authentication

By
Manieendar Mohan
Published on
24 Jun 2018
owasp

Broken authentication happens due to the poor implementation of application functions related to the session management and authentication. This allows the attackers to compromise passwords or session tokens

Example

Most broken authentication attacks occur due to the continued use of passwords as a sole factor for authentication. password rotation and complexity requirements are viewed as encouraging users to useand and reuse weak passwords.

Impact

Attackers have to gain access to only a few accounts or just one admin account to compromise the whole system. Depending on the domain of the application this may allow social security fraud, or identity theft and disclose legally protected highly sensitive information.

Mitigation / Precaution

  • Temporarily blocking an IP that originated a high number of authentication errors in a brief period.
  • Tight password policy, not allowing weak or well-known passwords and not the usage of default admin credentials.
  • Not rotating the session ID after a successful login.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Manieendar Mohan
Manieendar Mohan
Cyber Security Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.