A2 – Broken Authentication and Session Management

The problem here is related to identity and permissions. As the official definition states:

"Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities."

This is even worse when the falsely authenticated users are remote (the typical case) and therefore difficult to track.

The problems here are several:

  • We might accept unwanted users (information and operation disclosure)
    • A variant of this is when an unwanted user gets administrator privileges, thus putting the whole system at risk
  • We might accept a user with credentials ...
