


Broken Authentication is a vulnerability in the login page of a web application that allows the application's authentication to be broken. Broken authentication is divided into two parts:
1) Credential Stuffing: When a web application's data is leaked, attackers use the leaked usernames and
passwords to log in to other accounts and try to obtain confidential information. To prevent these
attacks, use two-factor authentication.
2) Default Password: A default password is a device's usual preconfigured password. Several devices ship
pre-configured with such passwords, and if they are not changed there is a high security risk. Use a strong
password so nobody can guess it.
Session Management Attacks
The big issue in session management is that the session ID is passed in the URL. If session management
is not properly secured and managed, attackers can acquire passwords or session IDs to access user
accounts and impersonate those users. Once session IDs are compromised, attackers can imitate other
users on the network, system, or application. This type of attack is known as session hijacking.
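
A defender can check a web server's access log for the problem described above. The following is an added example, not part of the original page: it finds session IDs carried in URLs and reports any ID used from more than one client IP. The parameter names, log format and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed session parameter names; extend the set for your application.
SESSION_PARAMS = {"jsessionid", "phpsessid", "sessionid", "session_id", "sid"}
# Common log format: client IP first, request line in double quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*"')

def session_ids_in_url(url):
    """Return the session ID values carried in a request URL."""
    parts = urlsplit(url)
    # Query-string form: /account?sid=abc
    pairs = parse_qsl(parts.query)
    # Path-parameter form: /cart;jsessionid=abc
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name, _, value = param.partition("=")
            pairs.append((name, value))
    return [v for n, v in pairs if n.lower() in SESSION_PARAMS and v]

def audit_access_log(lines):
    """Map each URL-borne session ID to the set of client IPs that sent it."""
    clients = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, url = m.groups()
            for sid in session_ids_in_url(url):
                clients[sid].add(ip)
    return dict(clients)

def shared_sessions(clients):
    """Session IDs seen from more than one IP: a possible hijacking sign."""
    return {sid: sorted(ips) for sid, ips in clients.items() if len(ips) > 1}

# Constructed sample log lines (documentation IP ranges, made-up tokens).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /account?sid=A1B2C3 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /account?sid=A1B2C3 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:06:00 +0000] "GET /cart;jsessionid=ZZ99 HTTP/1.1" 200 128',
    '192.0.2.44 - - [01/Jan/2024:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    seen = audit_access_log(SAMPLE_LOG)
    print("session IDs found in URLs:", sorted(seen))
    print("used from more than one IP:", shared_sessions(seen))
```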