TryHackMe — OWASP Top 10 — Authentication
Authentication is one of the OWASP Top 10 vulnerability categories, and this blog provides a walkthrough of the TryHackMe lab on the OWASP Top 10, which gave insight into this specific vulnerability and how it is exploited.
What is Authentication as it relates to OWASP?
Broken Authentication Practical
To see this in action, go to http://IPADDRESS:8888 and try to register the username darren; you’ll see that the user already exists. Then try to register the username “ darren” (with a leading space) and you’ll find that you are now logged in and able to see content that should only be present in Darren’s account, which in our case is the flag you need to retrieve.
I will now attempt to register _darren, with a space before it, as the username, along with the other required credentials that I will create… The user _darren is created.
Log in with the credentials just created, being sure to include the space before the username, to retrieve the flag…
This allowed me to log in and access the previously registered darren’s account despite not having any of his credentials to do so.
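As an added example (not code from the TryHackMe room or from this post), the following assumes the bug works as the walkthrough suggests: registration checks the raw username for existence, while the account data lookup trims it. The vulnerable store is shown beside a hardened one that canonicalises the username on every path, so the second registration is rejected instead of sharing Darren’s data:

```python
import unicodedata

def canonical(username: str) -> str:
    """Normalise a username identically on every code path (assumed policy)."""
    return unicodedata.normalize("NFKC", username).strip().casefold()

class VulnerableStore:
    """Existence check uses the raw string; profile data is keyed on the trimmed
    name, so a second registration of ' darren' reads darren's profile on login."""
    def __init__(self):
        self.users = {}     # raw username -> password (plaintext only for the demo)
        self.profile = {}   # trimmed username -> private data

    def register(self, username, password, data=None):
        if username in self.users:                       # exact-match check only
            raise ValueError("user already exists")
        self.users[username] = password
        self.profile.setdefault(username.strip(), data)  # existing profile is kept

    def login(self, username, password):
        if self.users.get(username) != password:
            return None
        return self.profile.get(username.strip())        # trimmed lookup

class HardenedStore:
    """One canonical key for the existence check, storage and lookup."""
    def __init__(self):
        self.users = {}     # canonical username -> (password, private data)

    def register(self, username, password, data=None):
        key = canonical(username)
        if key in self.users:
            raise ValueError("user already exists")
        self.users[key] = (password, data)

    def login(self, username, password):
        rec = self.users.get(canonical(username))
        return rec[1] if rec and rec[0] == password else None

def demo(store_cls):
    """Register darren, then try the ' darren' re-registration and login;
    return what the second account can see, or 'rejected'."""
    store = store_cls()
    store.register("darren", "correct-horse", data="FLAG{constructed-sample}")
    try:
        store.register(" darren", "other-password")
    except ValueError:
        return "rejected"
    return store.login(" darren", "other-password")
```

The flag value and passwords are constructed sample data; a real store would also hash passwords rather than compare them in plaintext.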
What is the flag that you found in darren’s account?
What is the flag that you found in arthur’s account?