A2 - Broken Authentication

Broken Authentication covers flaws in the application logic that handles authentication and session management.

For example, shipping with a default admin password renders the rest of the authentication logic moot: an attacker who knows the default does not need to defeat anything else.

A vulnerable implementation could allow attackers to:

  • Compromise passwords, session tokens or keys

  • Assume the identity of other users of the application

  • Take complete control of the application (e.g. by gaining access to an administrator account)
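To make the points above concrete, here is an added example (not part of the original note) that puts a deliberately broken login next to a hardened one. The vulnerable `weak_login` keeps the shipped `admin`/`admin` default, compares plaintext passwords and hands out a guessable session id built from the username and a timestamp. The hypothetical `AuthStore` class refuses the default credential outright, stores only salted PBKDF2 hashes, compares them in constant time, always runs the derivation so unknown usernames cannot be distinguished by timing, and issues random, expiring session tokens. All names, the sample user and the round count are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

# --- Vulnerable version (constructed for this note, not real project code) ---
# A shipped default credential breaks authentication no matter how carefully
# the rest of the login flow is written.
DEFAULT_ADMIN = ("admin", "admin")
_weak_users = {DEFAULT_ADMIN[0]: DEFAULT_ADMIN[1]}  # plaintext passwords


def weak_login(username, password):
    """Accepts the default admin credential and returns a predictable session id."""
    stored = _weak_users.get(username)
    if stored == password:  # plaintext comparison, default never removed
        return f"sess-{username}-{int(time.time())}"  # guessable session token
    return None


# --- Hardened version (hypothetical, written for this example) ---
class AuthStore:
    # Kept low so the example runs quickly; production deployments use far more.
    PBKDF2_ROUNDS = 100_000
    SESSION_TTL = 900  # seconds of idle validity for a session token

    def __init__(self):
        self._users = {}     # username -> (salt, derived key)
        self._sessions = {}  # token -> (username, expiry timestamp)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, AuthStore.PBKDF2_ROUNDS)

    def add_user(self, username, password):
        # Refuse the well-known default instead of trusting deployment to change it.
        if (username, password) == DEFAULT_ADMIN or len(password) < 12:
            raise ValueError("weak or default credential rejected")
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    def login(self, username, password, now=None):
        """Returns an unpredictable session token on success, None otherwise."""
        now = time.time() if now is None else now
        record = self._users.get(username)
        # Derive even for unknown users so response time does not reveal valid usernames.
        salt, expected = record if record else (b"\x00" * 16, b"\x00" * 32)
        candidate = self._derive(password, salt)
        if record is None or not hmac.compare_digest(candidate, expected):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (username, now + self.SESSION_TTL)
        return token

    def user_for(self, token, now=None):
        """Resolves a session token to a username, invalidating expired sessions."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            del self._sessions[token]
            return None
        return username

    def logout(self, token):
        self._sessions.pop(token, None)
```

The `now` parameter exists only so session expiry can be exercised deterministically; in a real service it would be omitted and the wall clock used.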
