
Broken Authentication: V1.0

Broken Authentication is a flaw in the authentication scheme of a website!


There are a plethora of ways to find broken authentication. Here I share one method that can help you find Broken Authentication!


Steps:

1) Create an account on the website you are hunting, using the email address "x@y.com".

2) Now log out and request a password reset link.

3) Don't use the password reset link sent to your mail address.

4) Log in again with the same password and update your email address to "a@b.com". Remove "x@y.com".

5) Now log out and use the password reset link that was mailed to "x@y.com" in step 2.

6) The password will be changed.


Here is the attack scenario:


1) Suppose my email account is compromised, or I am sitting at a cyber cafe where I forgot to log out of my account. The attacker requests a password reset link for my account.

2) When I find out, I change the email address on my original account. I now assume I am safe.

3) But the attacker can still use the old, unused password reset links that were sent to my old email address.

4) My account is now compromised again.
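The steps and the attack scenario above come down to one server-side mistake: reset tokens outlive the email address they were mailed to. The following is an added example (not code from the original post) of a minimal in-memory reset-token store that reproduces the flaw and shows the fix: revoke all outstanding tokens when the email changes, and refuse any token that was mailed to an address no longer on the account. Account, request_reset, change_email, redeem_reset and replay_old_link are hypothetical names.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict

@dataclass
class Account:
    email: str
    password: str
    # sha256(token) -> email the token was mailed to (constructed in-memory store)
    reset_tokens: Dict[str, str] = field(default_factory=dict)

def _digest(token: str) -> str:
    # Store only a hash so a leaked table does not expose live tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(acct: Account) -> str:
    """Step 2 of the post: issue a reset token and record the address it went to."""
    token = secrets.token_urlsafe(32)
    acct.reset_tokens[_digest(token)] = acct.email
    return token  # a real service only ever sends this by email

def change_email(acct: Account, new_email: str, hardened: bool) -> None:
    """Step 4: a hardened service revokes every outstanding token on an email change."""
    acct.email = new_email
    if hardened:
        acct.reset_tokens.clear()

def redeem_reset(acct: Account, token: str, new_password: str, hardened: bool) -> bool:
    """Step 5: a hardened service also refuses tokens mailed to an address no longer on the account."""
    sent_to = acct.reset_tokens.pop(_digest(token), None)
    if sent_to is None:
        return False  # unknown or already used token
    if hardened and sent_to != acct.email:
        return False  # defence in depth in case revocation on change was missed
    acct.password = new_password
    return True

def replay_old_link(hardened: bool) -> bool:
    """Walk the post's steps; True means the stale link still reset the password."""
    acct = Account(email="x@y.com", password="original")
    token = request_reset(acct)               # link mailed to x@y.com, left unused
    change_email(acct, "a@b.com", hardened)   # owner swaps address, removes x@y.com
    return redeem_reset(acct, token, "attacker-chosen", hardened)
```

replay_old_link(hardened=False) returns True, reproducing the scenario; replay_old_link(hardened=True) returns False.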


Do let me know if you have any questions and problems while hunting!


Thank you for reading!




