Broken Authentication Vulnerability

Broken Authentication is one of the OWASP Top 10 vulnerabilities. It concerns the part of a web application that lets users get into the site by creating an account and then handles that account for them. Whenever a user logs in to their account, a session id is created, and that session id is valid for that particular account only. If the web application's authentication is crafted securely, all is well; if it is not, an attacker may use the techniques given below.

  • Credential stuffing: In credential stuffing, an attacker has a standard list of default usernames and passwords. With this list they can brute-force accounts and log in to legitimate ones. Users are strongly advised to change their default usernames and passwords to stay safe from such attacks. An attacker can also generate a custom password list based on prior information about the target, using tools available on Linux such as CRUNCH.
  • Unhashed Passwords: Converting a clear-text password into scrambled text, so that an attacker cannot read it, is called password hashing. Where this is missing, an attacker who is on the same network as the user can intercept the user's request and clearly see the clear-text password submitted to the website. Through this the user can lose account authorization and confidentiality.
  • Misconfigured Session Timeouts: This is the scenario where a user has logged out of the account, yet an attacker who holds that user's cookie can still use it to access the account. Through this loophole, cookie tampering, session hijacking and other attacks can be chained into one single loophole, which is known as bug chaining. Such bugs are referred to as misconfigured session timeouts.

Attackers use the above methods, once they find a Broken Authentication vulnerability, to get into thousands or even lakhs of user accounts, depending on the number of users on the website.

Broken Authentication Vulnerability Exploited: There are numerous ways to test for a Broken Authentication vulnerability; in this article we take a brief look at one straightforward method.



Method: Exploiting the Cookie

  • Step 1: Create an account in a web application; here I have used a vulnerable web application built for practice purposes.
  • Step 2: Intercept the request with a proxy tool such as Burp Suite and analyze the backend details. While intercepting the request, one will see something like this. Analyze the user id cookie the application has generated for the specific user, i.e. you, who created the account.
  • Step 3: Since the cookie "UserId" is sent to us by the server, it can be modified to view other users' profiles by manipulating the cookie. We try to brute-force the USERID cookie and check the response.
  • Step 4: After brute-forcing the USERID cookie, we look at the responses; a response showing an OK (200) code means that the particular value works as a user id.
  • Here in the image we can see that many requests have OK status, and when we click on request no. 441 we see that the brute-forced user id is 10411. Its username is AndyPaul, and its default password was "PASSWORD." In this way, an ample number of user accounts can be extracted if the Broken Authentication vulnerability exists in the web application.
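As an added illustration (not code from the article or from the practice application it uses), the following Python contrasts the weak pattern behind Step 3, where the server identifies the account from a client-controlled UserId cookie, with a hardened session store that issues an unguessable session id, enforces an idle timeout and invalidates the session on logout, which is the fix for the misconfigured session timeout described earlier. The user table, the second user BobSmith and the SessionStore class are constructed for this example.

```python
import secrets
import time

# Constructed user table for the example (ids and names are illustrative only).
USERS = {10411: "AndyPaul", 10412: "BobSmith"}


def vulnerable_profile(cookies):
    """Weak pattern from the walkthrough: the server picks the account from a
    client-controlled 'UserId' cookie, so changing the number selects another
    account and no proof of a login is ever required."""
    try:
        user_id = int(cookies.get("UserId", ""))
    except ValueError:
        return None
    return USERS.get(user_id)


class SessionStore:
    """Hardened pattern: an opaque random session id is mapped to the account
    on the server, with an idle timeout and invalidation on logout."""

    def __init__(self, idle_timeout=900, now=time.time):
        self._sessions = {}        # session id -> {"user_id", "last_seen"}
        self.idle_timeout = idle_timeout
        self._now = now            # injectable clock so expiry can be tested

    def login(self, user_id):
        sid = secrets.token_urlsafe(32)   # 256 random bits: not guessable
        self._sessions[sid] = {"user_id": user_id, "last_seen": self._now()}
        return sid

    def current_user(self, cookies):
        sid = cookies.get("SessionId")
        record = self._sessions.get(sid)
        if record is None:
            return None                   # unknown id or already logged out
        if self._now() - record["last_seen"] > self.idle_timeout:
            self._sessions.pop(sid)       # idle too long: discard the session
            return None
        record["last_seen"] = self._now()
        return USERS.get(record["user_id"])

    def logout(self, cookies):
        # Server-side invalidation: a copied cookie is useless after logout.
        self._sessions.pop(cookies.get("SessionId"), None)
```

The session id itself still needs the usual cookie protections (HttpOnly, Secure, and transport over TLS) so that it cannot be read or intercepted in transit.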

Impacts of Broken Authentication Vulnerability:

  • Exposure of numerous user accounts
  • Data breaches
  • Administrative access
  • Sensitive data exposure
  • Identity theft

Remediation of Broken Authentication Vulnerability

Broken Authentication is a severe issue if it is present in a web application, because such loopholes can cost the company millions of dollars in data breaches. The following points are some of the remediations a web application can apply to stay safe from such attacks.