Broken Authentication

A vulnerable authentication system lets attackers impersonate legitimate users by compromising passwords, session tokens and similar credentials. The technical impact is severe: an attacker who can log in as another user gains access to every resource that account can reach in the website or application, with the privileges of the compromised account.

Vulnerabilities in authentication systems give attackers control of compromised user accounts; if the compromised account is an administrator, they can take over the entire system and reach every other user's credentials.

Description

Remediation Techniques:

  • Enforce multi-factor authentication (MFA).
  • Remove default credentials login.
  • Enforce strong password creation and storing policies.
  • Implement controls such as delays after failed logins, randomized session IDs and session timeouts as preventive measures, and log all failed login attempts through authentication filters.
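The following is an added example (not code from the original page) showing how the remediations in this list combine in a minimal login service: salted PBKDF2 password storage with a creation policy, a lockout delay after repeated failures, session IDs drawn from the OS CSPRNG, an idle session timeout, and logging of every failed attempt. MFA is out of scope here. The `AuthService` class, the limit constants and the denylist of default credentials are assumptions chosen for illustration, not a library API.

```python
"""Added example: minimal authentication service applying the remediations
above.  AuthService, the limits and the denylist are illustrative assumptions."""
import hashlib
import hmac
import logging
import os
import secrets
import time

log = logging.getLogger("auth")

PBKDF2_ITERATIONS = 100_000   # assumed tuning value; raise it on real hardware
MIN_PASSWORD_LENGTH = 12
# Constructed sample of default/common credentials that must never be accepted.
DENYLIST = {"password", "admin", "changeme", "123456789012"}
MAX_FAILURES = 5              # failed attempts before the lockout delay applies
LOCKOUT_SECONDS = 60          # delay imposed once MAX_FAILURES is reached
SESSION_TIMEOUT = 900         # idle timeout for a session, in seconds


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


# Hashed once so that a lookup for an unknown user costs the same as for a known one.
_DUMMY_RECORD = hash_password(secrets.token_hex(16))


def password_policy_ok(password):
    """Creation policy: minimum length plus a denylist of default/common values."""
    return len(password) >= MIN_PASSWORD_LENGTH and password.lower() not in DENYLIST


class AuthService:
    def __init__(self, clock=time.time):
        self.clock = clock      # injectable clock so timeouts can be tested
        self.users = {}         # username -> (salt, digest)
        self.failures = {}      # username -> (failure count, locked_until)
        self.sessions = {}      # session_id -> (username, last_seen)

    def register(self, username, password):
        if not password_policy_ok(password):
            raise ValueError("password does not meet policy")
        self.users[username] = hash_password(password)

    def login(self, username, password, source_ip):
        """Return a fresh random session ID on success, None on any failure."""
        now = self.clock()
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            log.warning("login blocked by lockout user=%s ip=%s", username, source_ip)
            return None
        record = self.users.get(username)
        if record is None:
            verify_password(password, *_DUMMY_RECORD)   # spend the same time as a real check
            ok = False
        else:
            ok = verify_password(password, *record)
        if not ok:
            count += 1
            locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
            self.failures[username] = (count, locked_until)
            log.warning("failed login user=%s ip=%s attempt=%d", username, source_ip, count)
            return None
        self.failures.pop(username, None)
        session_id = secrets.token_urlsafe(32)   # 256 random bits from the OS CSPRNG
        self.sessions[session_id] = (username, now)
        log.info("login ok user=%s ip=%s", username, source_ip)
        return session_id

    def current_user(self, session_id):
        """Resolve a session; expire it if idle for longer than SESSION_TIMEOUT."""
        entry = self.sessions.get(session_id)
        if entry is None:
            return None
        username, last_seen = entry
        now = self.clock()
        if now - last_seen > SESSION_TIMEOUT:
            del self.sessions[session_id]
            log.info("session expired user=%s", username)
            return None
        self.sessions[session_id] = (username, now)
        return username

    def logout(self, session_id):
        return self.sessions.pop(session_id, None) is not None
```

The lockout state is keyed by username rather than by source IP so that a distributed guessing attempt against one account still hits the delay; the dummy hash for unknown usernames keeps response times from revealing which accounts exist.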