BrokenAuthentication.md

File metadata and controls

38 lines (28 loc) · 1.17 KB

Broken Authentication

Date: 27 December 2020

Author: Dhilip Sanjay S


  • Authentication and session management are core components of modern web applications.

  • Authentication allows users to gain access to web applications by verifying their identities.

  • Due to the stateless nature of HTTP(S), a session cookie is needed to tie subsequent requests to the authenticated user.

  • Some common flaws in authentication mechanisms:

    • Brute-force attacks
    • Use of weak credentials
    • Weak session cookies with predictable values
  • To mitigate these flaws:

    • Automatic lockout after a certain number of failed attempts
    • Enforce a strong password policy
    • Implement multi-factor authentication
  • Re-registering an existing user (here, with a username that differs only by a leading space) sometimes gives the new account the same rights as the existing user (such as admin).


Solutions

What is the flag that you found in darren's account?

  • Answer: fe86079416a21a3c99937fea8874b667
  • Steps to reproduce:
    • Register with the username " darren" (note the leading space).
    • Log in to the newly registered " darren" account.

What is the flag that you found in arthur's account?

  • Answer: d9ac0f7db4fda460ac3edeb75d75e16e
  • Steps to reproduce: same as above.
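The re-registration flaw in the notes above and the " darren" steps in both solutions come down to one root cause: the username is compared as a raw string when checking for duplicates and at login, but trimmed when the account's data is looked up. The following added example (not from the room or this repository; the store classes, field names and passwords are constructed for illustration) models that mismatch and the hardened version, which canonicalises the username once and applies the same form everywhere:

```python
import unicodedata
from typing import Dict, Optional

def canonical(username: str) -> str:
    """Single canonical form (NFKC, trimmed, case-folded) used for every check."""
    return unicodedata.normalize("NFKC", username).strip().casefold()

class VulnerableStore:
    """Models the bug: duplicate check and login use the raw string, profile lookup trims."""

    def __init__(self) -> None:
        self.accounts: Dict[str, dict] = {}  # raw username -> record

    def register(self, username: str, password: str, role: str = "user") -> bool:
        if username in self.accounts:  # exact match only, so " darren" passes
            return False
        self.accounts[username] = {"password": password, "role": role}
        return True

    def login(self, username: str, password: str) -> Optional[str]:
        rec = self.accounts.get(username)  # constructed demo: plaintext compare
        return username if rec and rec["password"] == password else None

    def profile(self, session_user: str) -> Optional[dict]:
        for name, rec in self.accounts.items():
            if name.strip() == session_user.strip():  # trims here, not above
                return rec  # first match is the original darren record
        return None

class HardenedStore:
    """Canonical form at registration, login and lookup; padded names refused."""

    def __init__(self) -> None:
        self.accounts: Dict[str, dict] = {}  # canonical username -> record

    def register(self, username: str, password: str, role: str = "user") -> bool:
        key = canonical(username)
        # Refuse any name that changes under canonicalisation, and any duplicate.
        if key != username or key in self.accounts:
            return False
        self.accounts[key] = {"password": password, "role": role}
        return True

    def login(self, username: str, password: str) -> Optional[str]:
        key = canonical(username)
        return key if self.accounts.get(key, {}).get("password") == password else None

    def profile(self, session_user: str) -> Optional[dict]:
        return self.accounts.get(canonical(session_user))
```

Note that the hardened store also rejects "Darren" once "darren" exists, since case is part of the canonical form.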