In this educational video we see how an insecure implementation of the "Change password" function of a web application leaves the application vulnerable to brute-force attacks and allows an attacker to target the application's users, enumerate their passwords and take over their accounts.
By understanding these security weaknesses, application developers and security engineers can take effective remediation steps to improve the security of their web applications and protect their users' data.
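The weakness described above, as an added example that is not part of the video or the PortSwigger lab: a minimal change-password handler in a typical insecure shape (the account is chosen by a username field in the request, failed attempts are never counted, and the error text discloses whether the current password was right) beside a hardened form that takes the account from the authenticated session, counts failures per account with a lockout, and returns one generic message. The user store, names, passwords, the 5-attempt/600-second lockout and the 12-character minimum are constructed assumptions, not values from the lab.

```python
"""Change-password handlers: an insecure form beside a hardened one.

Constructed example; the user store, names, passwords and policy
numbers below are made up for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

GENERIC_ERROR = "Could not change password"  # one message for every failure
MAX_FAILURES = 5        # assumed: wrong current-password attempts before lockout
LOCK_SECONDS = 600      # assumed: lockout length in seconds
MIN_LENGTH = 12         # assumed: minimum length for a new password


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked_until: float = 0.0

    @staticmethod
    def create(password: str) -> "User":
        salt = secrets.token_bytes(16)
        return User(salt, hash_password(password, salt))

    def verify(self, password: str) -> bool:
        # constant-time comparison of the derived hashes
        return hmac.compare_digest(self.pw_hash, hash_password(password, self.salt))

    def set_password(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)


def change_password_insecure(store: dict, form: dict) -> str:
    """Insecure: the victim account comes from a request field, nothing
    limits repeated attempts, and the two distinct messages tell the caller
    whether 'current' was correct."""
    user = store[form["username"]]
    if not user.verify(form["current"]):
        return "Current password is incorrect"
    if form["new"] != form["confirm"]:
        return "New passwords do not match"
    user.set_password(form["new"])
    return "Password changed"


def change_password_hardened(store: dict, session_user: str, form: dict, now: float) -> str:
    """Hardened: the account is the authenticated session's user only (a
    'username' field in the form is ignored), failures are counted per
    account with a lockout, and every failure before the current password
    is verified returns the same message."""
    user = store[session_user]
    if now < user.locked_until:
        return GENERIC_ERROR
    if user.locked_until:
        # a previous lock has expired: start a fresh attempt window
        user.failures, user.locked_until = 0, 0.0
    if not user.verify(form["current"]):
        user.failures += 1
        if user.failures >= MAX_FAILURES:
            user.locked_until = now + LOCK_SECONDS
        return GENERIC_ERROR
    # Current password verified: specific feedback here reveals nothing the
    # caller does not already hold.
    if form["new"] != form["confirm"]:
        return "New passwords do not match"
    if len(form["new"]) < MIN_LENGTH:
        return "New password is too short"
    user.failures = 0
    user.set_password(form["new"])
    return "Password changed"


if __name__ == "__main__":
    store = {"alice": User.create("correct horse battery staple")}
    bad = {"username": "alice", "current": "wrong", "new": "x" * 12, "confirm": "x" * 12}
    print("insecure:", change_password_insecure(store, bad))
    for _ in range(MAX_FAILURES):
        print("hardened:", change_password_hardened(store, "alice", bad, 0.0))
    print("locked until:", store["alice"].locked_until)
```

The hardened handler accepts a `now` parameter rather than reading the clock so the lockout can be tested deterministically; in a real application the attempt counter and lock timestamp would live in the same store as the account so they survive across requests and instances.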
Web Security Academy - Lab: Password brute-force via password change:
portswigger.net/web-security/...
Web Security Academy - Authentication lab passwords:
portswigger.net/web-security/...
Find me on Twitter:
/ tracethecode
#websecurity #authentication
25 Jan 2023