Webgoat - Secure Passwords

Webgoat – Secure Passwords

In this walk through, we will be going through the Secure Passwords vulnerability section from Webgoat Labs. We will be exploring password strengths and learn how application are affected because of it. So, let’s get started with the Hacking without any delay.

Secure Passwords

  • In this challenge, we will test the strength of a password using the given application. The application takes a password as an input and checks for its length, estimated guesses to crack and the estimated cracking time. At last, it provides with a score out of 4 and highlight the strong password in green.

Secure Passwords

  • I entered the below password and it checks all marks and got a 4/4 result.

password: @JesusismyN3ighbour&heisaHax0r

Challenge completed

  • A weak password like before will definitely failed the password. The applications also provided suggestions on how we can improve the password strength.

Weak password

Also Read: Webgoat – Missing Function Level Access Control



So, we finally completed the Webgoat Secure Passwords Vulnerability section. Next, we can mitigate these types of attacks by implementing a strong password policy and avoiding default or commonly used password. Along with that, a lockout mechanism on the login panel will be beneficial in case of bruteforce attacks. On that note, i will take your leave and will meet you in next one with another Webgoat vulnerability writeup, till then “Keep Hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top