bWAPP - Broken Authentication (Forgotten Password)


In this walkthrough, we will go through the Broken Authentication (Forgotten Password) vulnerability section from bWAPP Labs. We will explore and exploit the forgotten-password functionality and see how applications are affected by it. So, let’s get started with the hacking without any delay.

Broken Authentication (Forgotten Password)


Security: Low

  • Setting the security level to Low.

Security level Low

  • The application has a “Forget secret” functionality which is used to retrieve a user’s secret in case he has forgotten it. The functionality asks for the user’s email and then shows the secret. The application issues a POST request to the ba_forgotten.php file in order to display the secret.

Broken Auth - Forgotten Function

Burp Suite request

  • I entered a random email and got an “Invalid user!” error. That means the application only checks whether the email belongs to a registered user.

Invalid user

  • I entered an email of the user bee and got the secret.


Bee secret

  • We can exploit this functionality if we know only the user’s email. For the proof of concept, I created a fake user named “Kratos”.

Create user

  • As I entered the email address of my target user, I got his secret.


Kratos secret


Conclusion

So, we have finally completed all the security levels for the bWAPP Broken Authentication (Forgotten Password) vulnerability. We looked into how the application is set up at the various levels and how we can bypass the security controls implemented. Next, we can mitigate potential attacks on the forgotten-password functionality by making sure that a password reset token is securely sent to the concerned user, rather than revealing the secret itself. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup; till then, “Keep Hacking”.
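As an added example (not code from bWAPP or from this post), the following Python models the Low-level behaviour described above, where ba_forgotten.php hands the secret to anyone who supplies a registered email, beside the mitigation the conclusion calls for: a random single-use, time-limited reset token delivered out of band, with an identical response whether or not the email exists. The user store, the email address and the secret are constructed sample values, not bWAPP’s real data.

```python
import secrets
import time
from hashlib import sha256

# Constructed sample user store; stands in for bWAPP's users table.
USERS = {"bee@example.com": {"secret": "constructed-secret"}}

def forgotten_low(email):
    """Models the Low-level flow from the post: a registered email
    is enough to have the secret shown directly in the response."""
    user = USERS.get(email)
    if user is None:
        return "Invalid user!"          # also confirms which emails exist
    return user["secret"]

RESET_TTL = 900          # seconds a reset token stays valid
_pending = {}            # sha256(token) -> (email, expiry); hash only, never the token
_outbox = []             # stands in for the mail transport (email, token)

def forgotten_hardened(email):
    """Hardened flow: never reveal the secret or whether the email is
    registered; mint an unguessable token, store only its hash, and
    deliver it to the address on file."""
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = sha256(token.encode()).hexdigest()
        _pending[digest] = (email, time.time() + RESET_TTL)
        _outbox.append((email, token))
    # Same message for registered and unregistered addresses.
    return "If that address is registered, a reset link has been sent."

def redeem(token, new_secret, now=None):
    """Consume a token once; reject unknown, reused or expired tokens."""
    now = time.time() if now is None else now
    entry = _pending.pop(sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False
    email, expiry = entry
    if now > expiry:
        return False
    USERS[email]["secret"] = new_secret
    return True
```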
