Part 7 Lab Solution 1

Video Activity

In this lab-based lesson, participants receive step-by-step instructions for the forgot-password authentication flaw and see how such pages are vulnerable to brute-force attacks.


Time: 9 hours 31 minutes
Difficulty: Intermediate
CEU/CPE: 10
Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sonny Wear, and this is OWASP Top 10 for 2013,
00:14
A2: Broken Authentication and Session Management.
00:17
This is the lab and solution for the WebGoat authentication flaw Forgot Password.
00:26
This is the video solution for the authentication flaw of forgot password.
00:34
It says users can retrieve their password if they can answer the secret question properly.
00:40
There is no lockout mechanism on this forgot password page.
00:47
Now the username is webgoat, and your favorite color is red. The goal is to retrieve the password of another user.
00:56
So this really goes into how thresholds need to also be established for the secret question responses as well. Otherwise, they're susceptible to brute force attacks.
01:10
I'm going to start by just using the valid values here,
01:17
and the favorite color is red.
01:22
Okay, so now if I want to start again, but I want to escalate my privileges to admin
01:30
favorite color, well, we can take a guess. Let's say it's blue.
01:37
No.
01:40
Ooh, orange is wrong. Okay, how about green?
01:46
And there you have it, and it even displays a password. Of course, these days it would probably
01:52
send a link to the email address for this person, which means
01:59
may have to go to one of the other lessons about adding in backdoor triggers.
02:05
to possibly change that email address to be the attacker's, or something in that vein.