bWAPP - Broken Authentication (Logout Management)


In this walkthrough, we will be going through the Broken Authentication (Logout Management) vulnerability section from bWAPP Labs. We will explore and exploit the application’s logout management and learn how applications are affected by it. So, let’s get started with the hacking without any delay.

Broken Authentication (Logout Management)


Security: Low

  • Setting the security level to Low.

Security level Low

  • This time the page has a Log out function that is used to end the current session. Clicking the “here” link on the page makes a request to ba_logout_1.php.

Broken Authentication

Page source code

  • I clicked on the “here” link and was prompted with an alert for confirmation. After confirming, I was redirected to the login page.

Are you sure?

Login screen

  • Once logged out, I was still able to move back to the previous page using the back button, hence bypassing the Logout Management.


Broken Auth - Logout Management


Conclusion

So, we finally completed all the security levels for the bWAPP Broken Authentication (Logout Management) vulnerability. We looked into how the application has been set up at the various levels and how we can bypass the security controls implemented. Next, we can mitigate potential attacks on Logout Management by making sure that the user is unable to go back and view the authenticated page after being logged out. Along with that, session cookies should be properly flushed upon clicking the logout button to avoid any issues later. On that note, I will take my leave and will meet you in the next one with another bWAPP vulnerability writeup; till then, “Keep Hacking”.
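The two mitigations named above (invalidating the session on logout and stopping the browser from serving the authenticated page from cache on Back) are shown below as an added example in PHP, the language bWAPP is written in. This is not bWAPP’s own ba_logout_1.php; the file names secure_logout.php, protected_page.php and login.php, the $_SESSION['user_id'] key, and PHP 7.3+ (for the array form of setcookie and the samesite cookie parameter) are assumptions for the illustration.

```php
<?php
// Added example, not bWAPP's own code. File names, the 'user_id' session key
// and PHP 7.3+ are assumptions.

// --- secure_logout.php: what the "here" link should call -----------------
function secure_logout(): void
{
    session_start();

    // 1. Forget everything the server associates with this session id.
    $_SESSION = [];
    session_unset();

    // 2. Expire the session cookie in the browser so the old id is not
    //    sent again (and cannot be replayed if it was captured).
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?? 'Lax',
        ]);
    }

    // 3. Destroy the server-side session data, then send the user away.
    session_destroy();
    header('Location: login.php');
    exit;
}

// --- protected_page.php: include at the top of every authenticated page ---
function require_login(): void
{
    session_start();

    // Tell the browser (and any proxy) not to store the authenticated page,
    // so the Back button re-requests it instead of showing a stale copy.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    // Re-check the session on every request, not only at login time; after
    // secure_logout() this check fails and the user lands on login.php.
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
}
```

With both pieces in place, pressing Back after logout makes the browser re-request the page (no-store), and that request hits require_login() with an empty session, so the authenticated content is never shown. Either half alone leaves a gap: destroying the session without the cache headers still lets the browser display its cached copy, and the headers without session destruction leave the old session id valid.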
