What is Authentication and Authentication Vulnerability?

Authentication identifies the user and confirms that they are who they say they are. It's a very important as well as critical functionality for any software. There may be different types of authentication methods -

• HTML Form-Based Authentication
• Windows Integrated Authentication using NTLM
• Multi-factor Authentication etc ........

Authentication Vulnerability arises from insecure implementation of the authentication mechanism of an application.

Types of Authentication Vulnerabilities -

Weak Password Requirements -

This arises due to having no or minimal control over the quality of the user's password.

What to check for?

• very short or blank password
• common dictionary words or names
• use of default password
• The password is the same as the username
• missing or ineffective MFA

Possible Attacks - dictionary-based brute force attacks, MFA bypass

Improper Restrictions of Authentication Attack -

This arises due to the absence of rate limiting or account lockout functionality after multiple incorrect login attempts.

What to check for?

• Multiple incorrect login attempts
• Unlimited requests to the following pages -     - login     - MFA/OTP pages     - Change Password page

Possible Attacks - brute force attack, Botnet attack, Denial of Service attack, account takeover etc.

Insecure forget password functionality -

Design weaknesses in the forgotten password functionality usually make the weakest link that can be used to attack application's overall authentication logic.

What to check for?

• Too much trust in the user's input in the reset password page (like - token, username etc.)
• Missing check if the user has requested to reset the password
• Password reset token remains valid after a successful reset
• Improper check for validity of the token

Possible Attacks - brute force attack, account takeover etc.

Verbose error messages -

The error message generated by the website gives more than the information required by the user.

What to check for?

• Incorrect username message for incorrect username
• Incorrect password message for incorrect password

Possible Attacks - information disclosure, brute force attack etc.

Vulnerable transmission of credentials  -

The error message generated by the website gives more than the information required by the user.

What to check for?

• HTTPS to HTTP downgrade or no redirects from http to https version of the website
• TLS version downgrade

Possible Attacks - account takeover, cookie stealing etc.