In this walk through, we will be going through the Authentication Bypasses vulnerability section from Webgoat Labs. We will be exploring and exploiting Authentication Bypasses in Verify Account functionality and learn how application are affected because of it. So, let’s get started with the Hacking without any delay.
Table of Contents
1. 2FA Password Reset
- In this challenge, we have to bypass the 2FA Password Reset functionality which uses security questions to confirm the user’s identity.
- I intercepted the request via Burpsuite and changed the security question no.s in the POST payload parameter which bypass the check and thus marked our challenge as complete.
Also Read: Webgoat – Admin lost password
Conclusion:
So, we finally completed the Webgoat Authentication Bypasses Vulnerability section. Next, we can mitigate these types of attacks by processing data more on the server side and not give the user the access to interfere with the application’s logic by manipulating data on client side. On that note, i will take your leave and will meet you in next one with another Webgoat vulnerability writeup, till then “Keep Hacking”.