A2 - Broken Authentication
Broken Authentication involves the application logic that handles authentication and session management.
For example, setting a default admin password would render any authentication logic broken.
A vulnerable implementation could allow attackers to:
Compromise passwords, tokens or keys
Assume the identity of users of the application
Take complete control over the application (i.e. gain access to an administrator account)
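
The default admin password case above, seen from the defensive side, as an added example that is not code from the original page: the admin account is provisioned with a password generated per installation, and a well-known default is refused. `AccountStore`, `KNOWN_DEFAULTS` and the iteration count are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed sample of well-known default passwords (assumption, not from the page).
KNOWN_DEFAULTS = {"admin", "password", "changeme", "123456"}
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    """Hypothetical in-memory user store: username -> (salt, derived key)."""

    def __init__(self):
        self._users = {}

    def provision_admin(self, password=None):
        """Create the admin account; return the password so it can be shown once."""
        if password is None:
            # No password ships with the product: generate one per installation.
            password = secrets.token_urlsafe(18)
        if password.lower() in KNOWN_DEFAULTS or len(password) < 12:
            raise ValueError("refusing default or short admin password")
        salt = os.urandom(16)
        self._users["admin"] = (salt, _derive(password, salt))
        return password

    def authenticate(self, username, password):
        # Unknown users still go through key derivation so timing stays similar.
        salt, stored = self._users.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(_derive(password, salt), stored)


if __name__ == "__main__":
    store = AccountStore()
    generated = store.provision_admin()
    print("login with generated password:", store.authenticate("admin", generated))
    print("login with 'admin':", store.authenticate("admin", "admin"))
```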