A2 - Broken Authentication
Broken Authentication covers the application logic that handles authentication and session management.
For example, setting a default admin password renders any authentication logic broken.
A vulnerable implementation could allow attackers to:
- Compromise passwords, tokens or keys
- Assume the identity of users of the application
- Take complete control over the application (i.e. get access to an administrator account)
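The default-admin-password case above, as an added example that is not part of the original page: a login check that accepts an install-time default credential (the flaw) beside a hardened version that stores salted hashes, compares them in constant time, and refuses the admin account until the default has been rotated. All names, the sample user table and the constructed default password are assumptions.

```python
import hashlib
import hmac
import os

DEFAULT_ADMIN_PASSWORD = "admin"  # constructed sample default credential (assumption)


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """PBKDF2-HMAC-SHA256 of the password; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


# Vulnerable: the installer creates an administrator with a fixed password and
# the login logic keeps accepting it for as long as nobody changes it.
VULNERABLE_USERS = {"admin": {"password": DEFAULT_ADMIN_PASSWORD, "role": "admin"}}


def vulnerable_login(username: str, password: str):
    user = VULNERABLE_USERS.get(username)
    if user and user["password"] == password:  # plaintext compare, default never rotated
        return user["role"]
    return None


# Hardened: passwords are stored salted and hashed, compared in constant time,
# and an account still carrying the install-time default is flagged and cannot
# authenticate until its password has been rotated.
def make_user(password: str, role: str, must_rotate: bool = False) -> dict:
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "role": role, "must_rotate": must_rotate}


HARDENED_USERS = {"admin": make_user(DEFAULT_ADMIN_PASSWORD, "admin", must_rotate=True)}


def rotate_password(users: dict, username: str, new_password: str) -> None:
    if new_password == DEFAULT_ADMIN_PASSWORD or len(new_password) < 12:
        raise ValueError("new password must differ from the default and be >= 12 chars")
    users[username] = make_user(new_password, users[username]["role"])


def hardened_login(users: dict, username: str, password: str):
    user = users.get(username)
    if user is None or user["must_rotate"]:
        return None  # unknown user, or the default credential is still in place
    _, digest = hash_password(password, user["salt"])
    if hmac.compare_digest(digest, user["digest"]):
        return user["role"]
    return None
```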