Broken Authentication and Session Management

Security Assessment


CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently.

By abusing such a vulnerability, an attacker may be able to hijack user sessions and access or modify information for which they have no permission.

Contribute

Are you facing an issue that is not covered in our guides?

We are happy to include solutions here. Please send us an e-mail at support@crashtest-security.com.

Crashtest Security

Crashtest Security is a start-up based in Munich, Germany, that redefines web application vulnerability scans. The Crashtest Security Suite differentiates itself as a fully automated vulnerability scanner, enhanced with artificial intelligence and developed for the needs of the agile developer or SecDevOps. It provides clear vulnerability insights as well as contextual, actionable insights for risk mitigation.