
A2 Broken Authentication and Session Management

Introduction

Broken authentication and session management ranges from poor login functions to bad session management. Login functions that do not adequately check the username and password parameters can allow SQL injection and a bypass of the login function. For session management, predictable session tokens and improper session destruction are part of this vulnerability. If the vulnerability is successfully exploited, the sessions created by authentic users can be listened to and monitored by attackers. The attackers can also take the opportunity to commit fraud or alter the information that is being sent to the server. The attackers can also create a bogus website and carry out a man-in-the-middle attack. This can cause major leakage of confidential information.

Tools needed:
  • Burp Suite

  • EditThisCookie extension for Chrome

Video: Broken Authentication

Other possible methods:

Some tips for fixing the vulnerability:

  • Use preg_match to filter special characters such as (",",!,@,#,') or strings such as (1=1) out of login fields

  • Destroy sessions properly

  • Randomise the session token

  • Set cache-control and pragma to "no-cache"
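
The four tips above combined in one PHP login and logout flow, as an added example that is not part of the original page. The function names, the users table and the in-memory SQLite database are assumptions; the example also uses a bound query parameter and password_verify, which the tips do not list.

```php
<?php
// Added example. Function names, the users table and the in-memory SQLite
// database are assumptions, not taken from the page.
declare(strict_types=1);

function send_no_cache_headers(): void {
    header('Cache-Control: no-cache, no-store, must-revalidate');
    header('Pragma: no-cache');
}

function valid_username(string $u): bool {
    // Allowlist instead of a blocklist: quotes, '=', spaces etc. never match.
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $u) === 1;
}

function login(PDO $db, string $user, string $pass): bool {
    if (!valid_username($user)) {
        return false;
    }
    // Bound parameter: the input is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh random ID after login, old one deleted
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void {
    $_SESSION = [];                       // drop server-side data
    $p = session_get_cookie_params();     // expire the cookie in the browser
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();                    // delete the session store entry
}

// Constructed demo: one user, one injection-style login, one valid login.
session_start(['use_strict_mode' => true, 'cookie_httponly' => true]);
send_no_cache_headers();
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$results = [login($db, "' OR 1=1 -- ", 'x'), login($db, 'alice', 'correct horse')];
logout();
var_dump($results, session_status() === PHP_SESSION_NONE);
```

Output is held back until after logout() because PHP cannot regenerate or expire the session cookie once any output has been sent.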
