Broken Authentication

Introduction

Conceptually at least, authentication vulnerabilities are some of the simplest issues to understand. However, they can be among the most critical due to the obvious relationship between authentication and security. As well as potentially allowing attackers direct access to sensitive data and functionality, they also expose additional attack surface for further exploits


If you have learned this vulnerability before, why not going to solve my challenges here?

First of all.. What is Authenticaion?

Authentication is the process of verifying the identity of a given user or client. In other words, it involves making sure that they really are who they claim to be.
There are three main categories of authentication factors:

• Something you know, such as a password or the answer to a security question. These are sometimes referred to as "knowledge factors.
• Something you have, that is, a physical object like a mobile phone or security token. These are sometimes referred to as "possession factors".
• Something you are or do, for example, your biometrics or patterns of behavior. These are sometimes referred to as "inherence factors".

Authenticaion relies on a numbers of technologies to verify one or more of the above factors.

Do you know the.. difference between authentication and authorization?

Authentication is the process of verifying that a user really is who they claim to be, whereas authorization involves verifying whether a user is allowed to do something (You will want to learn some security flaws about authorization in the future).

Some very common technique

If the website does not have rate limit or IP-blocked or something like this, so you should try some of the below methods:

• Account credentials brute-forcing
• Try to manipulate the 2FA logic.
• Pay some attention to the Cookie.