Part 7 Lab Solution 1

Video Activity

In this lab-based lesson, participants receive step-by-step instructions for the "Forgot Password" authentication flaw and see how secret-question recovery pages with no lockout are vulnerable to brute-force attacks.


Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear and this is the OWASP Top 10 for 2013,
00:14
A2, Broken Authentication and Session Management.
00:17
This is the lab and solution for the WebGoat authentication flaw Forgot Password.
00:26
This is the video solution for the authentication flaw of forgot password.
00:34
It says users can retrieve their password if they can answer the secret question properly.
00:40
There is no lockout mechanism on this forgot password page.
00:47
Now the user name is webgoat, and your favorite color is red. The goal is to retrieve the password of another user.
00:56
So this really goes into how thresholds need to also be established for the secret question responses as well. Otherwise, they're susceptible to brute-force attacks.
01:10
I'm going to start by just using the valid values here,
01:17
and the favorite color is red.
01:22
Okay, so now if I want to start again, but I want to escalate my privileges to admin,
01:30
favorite color, well, we can take a guess. Let's say it's blue.
01:37
No.
01:40
Ooh, orange is wrong. Okay, how about green?
01:46
And there you have it, and it even displays the password. Of course, these days it would probably
01:52
send a link to the email address for this person, which means
01:59
you may have to go to one of the other lessons about adding in backdoor triggers
02:05
to possibly change that email address to be the attacker's, or something in that vein.
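The following is an added example, not part of the video or of WebGoat's own code, that models the flaw shown above: a secret-question recovery check with no attempt threshold, next to a hardened version that counts wrong answers per account and refuses further attempts once a limit is reached. The user store, the color wordlist and the lockout threshold of three are constructed for the example; the vulnerable class also returns the password directly, mirroring the lesson, which is itself something a real implementation should never do.

```python
"""
Model of a "forgot password" secret-question check with and without a lockout threshold.
All users, answers and the guess list are constructed for this example.
"""


# Constructed user store: username -> (favorite color answer, password).
USERS = {
    "webgoat": ("red", "webgoat"),
    "admin": ("green", "admin"),  # the account the attacker is targeting
}

# Constructed wordlist of likely "favorite color" answers, in the order an attacker might try them.
COLOR_GUESSES = ["red", "blue", "orange", "green", "yellow", "purple"]


class ForgotPasswordVulnerable:
    """No lockout: every guess is checked, and the password is returned on a correct answer."""

    def __init__(self, users):
        self.users = users

    def recover(self, username, answer):
        record = self.users.get(username)
        if record is None:
            return None
        secret, password = record
        # Nothing stops the caller from calling this as many times as it likes.
        return password if answer.strip().lower() == secret else None


class LockedOut(Exception):
    """Raised once an account has exceeded its allowed number of wrong answers."""


class ForgotPasswordHardened:
    """Tracks wrong answers per account and stops answering after max_attempts failures."""

    def __init__(self, users, max_attempts=3):
        self.users = users
        self.max_attempts = max_attempts
        self.failures = {}  # username -> count of wrong answers so far

    def recover(self, username, answer):
        if self.failures.get(username, 0) >= self.max_attempts:
            raise LockedOut(f"{username}: too many failed secret-question attempts")
        record = self.users.get(username)
        if record is None:
            # Count the attempt for unknown names too, so the response does not reveal
            # whether the account exists.
            self.failures[username] = self.failures.get(username, 0) + 1
            return None
        secret, password = record
        if answer.strip().lower() == secret:
            self.failures.pop(username, None)
            return password
        self.failures[username] = self.failures.get(username, 0) + 1
        return None


def brute_force(service, username, guesses):
    """Try each guess in order. Returns (password, attempts_made), or (None, attempts_made)
    if the list is exhausted or the service locks the account."""
    attempts = 0
    for guess in guesses:
        attempts += 1
        try:
            password = service.recover(username, guess)
        except LockedOut:
            return None, attempts
        if password is not None:
            return password, attempts
    return None, attempts


if __name__ == "__main__":
    # Against the unprotected page the fourth guess ("green") recovers the admin password.
    print("vulnerable:", brute_force(ForgotPasswordVulnerable(USERS), "admin", COLOR_GUESSES))
    # Against the hardened page three wrong answers lock the account before "green" is tried.
    print("hardened:  ", brute_force(ForgotPasswordHardened(USERS), "admin", COLOR_GUESSES))
```

The threshold here is a per-account counter kept in memory; a production service would persist it, pair it with a per-source-IP rate limit so an attacker cannot spread guesses across many accounts, and return a reset link to the registered e-mail address rather than the password itself.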