Broken Authentication

Hi, in this tutorial on the Extreme Vulnerable Node Application (XVNA) we show the Broken Authentication vulnerability, where we could access the application without any credentials and could also call its REST endpoints without any authentication. This is a serious vulnerability in XVNA.


We could crack the application in the following manner, see the video for more details.

Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it on your localhost.

Prevention:

To prevent Broken Authentication, we need to verify the user's authentication on each and every page visit, and on every REST call, and maintain a server-side session for it.
