Insufficiently Protected Authentication

Reconnaissance

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method provides adequate security. Negligence, ignorance, or simple underestimation of security threats often results in authentication schemes that can be bypassed by simply tampering with cookie values.

Exploitation

We have a cookie called userId. The application may be relying on this cookie for authentication, so let's try changing its value to 2 and sending the request again.

The application did indeed use this cookie for authentication and now we have access to another user's API key.
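The server-side flaw behind this result, next to one way to close it, as an added example that is not the application's own code. The handler names, the `session` cookie, and the sample API keys are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: user ids and API keys are made up for this example.
API_KEYS = {"1": "key-for-user-1", "2": "key-for-user-2"}

# Server-side secret; generated at start-up here, loaded from a secret store in practice.
SECRET = secrets.token_bytes(32)


def api_key_vulnerable(cookies):
    """Trusts the client-supplied userId cookie as proof of identity."""
    return API_KEYS.get(cookies.get("userId"))


def _sign(user_id):
    return hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def issue_session(user_id):
    """Called only after a successful login; binds the id to a server-made MAC."""
    return {"session": f"{user_id}.{_sign(user_id)}"}


def api_key_hardened(cookies):
    """Accepts the id only if its MAC verifies; any edited value is rejected."""
    user_id, sep, tag = cookies.get("session", "").partition(".")
    # Compare as bytes so a non-ASCII tag is rejected instead of raising.
    if not sep or not hmac.compare_digest(tag.encode(), _sign(user_id).encode()):
        return None
    return API_KEYS.get(user_id)


def demo():
    # Vulnerable: editing the cookie from 1 to 2 switches accounts.
    before = api_key_vulnerable({"userId": "1"})
    after = api_key_vulnerable({"userId": "2"})
    # Hardened: the same edit invalidates the MAC, so the request is refused.
    session = issue_session("1")
    tampered = {"session": "2." + session["session"].split(".", 1)[1]}
    return before, after, api_key_hardened(session), api_key_hardened(tampered)


if __name__ == "__main__":
    print(demo())
```

A random session identifier mapped to the user in server-side storage gives the same property and also allows the session to be revoked.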
