LAB 103 - Identifying Broken User Authentication Vulnerabilities
Authentication is the process of attempting to verify identity. Problems with authentication can be introduced at many phases of the software development life cycle, so adversaries have a potentially broad attack surface to work with. One technique adversaries use, and that learners can perform as part of penetration testing, is to interact with aspects of the authentication mechanism to find valid identifiers. Registration, the process of creating new accounts, is part of authentication.
This lab presents a challenge in the Gold Standard cyber range that reveals a Broken User Authentication vulnerability. The challenge is “Register as Loan Officer.” Abusing the registration functionality allows an adversary to bypass filters or access controls in Gold Standard to gain access to a default higher-privilege account.
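The two weaknesses this lab touches on, a registration flow that reveals which identifiers are valid and one that lets a new account land in a higher-privilege role, can be seen side by side in a small model. The following is an added example written for this page, not code from Gold Standard; the `UserStore`, the `loan_officer` role name and the `customer` default role are constructed assumptions, and each broken function is paired with its hardened form so the fix is visible.

```python
"""Constructed example (not Gold Standard's code): a registration endpoint
modelled as plain functions, in a broken form and a hardened form.

Broken behaviours shown:
1. Identifier enumeration: a distinct error message confirms that a
   username already exists.
2. Privilege selection at registration: the server stores whatever 'role'
   the client sent, so a self-registered account can be created with a
   higher-privilege role.
"""
from dataclasses import dataclass, field

DEFAULT_ROLE = "customer"            # role every self-registered account should get (assumed)
PRIVILEGED_ROLES = {"loan_officer"}  # hypothetical roles that must never be self-assigned


@dataclass
class UserStore:
    """Minimal in-memory account table: username -> role (constructed)."""
    users: dict = field(default_factory=dict)


def register_vulnerable(store: UserStore, form: dict) -> tuple:
    """Broken registration: leaks account existence and trusts form['role']."""
    username = form["username"]
    if username in store.users:
        # Distinct message: the response itself tells valid usernames apart
        # from invalid ones.
        return False, "username already taken"
    # Mass assignment: the client-supplied role is stored verbatim.
    store.users[username] = form.get("role", DEFAULT_ROLE)
    return True, "registered"


def register_hardened(store: UserStore, form: dict) -> tuple:
    """Hardened registration: uniform response, server-chosen role."""
    username = form["username"]
    # Same message whether or not the username exists, so the response no
    # longer confirms which identifiers are valid.
    uniform = "if this account can be created, a confirmation will be sent"
    if username in store.users:
        return False, uniform
    # Role is decided server-side; any client-supplied 'role' is ignored.
    store.users[username] = DEFAULT_ROLE
    return True, uniform


def role_escalated(store: UserStore, username: str) -> bool:
    """Detection-style check: did a self-registered account land in a
    privileged role? Useful as a post-registration audit or alert."""
    return store.users.get(username) in PRIVILEGED_ROLES


if __name__ == "__main__":
    broken, fixed = UserStore(), UserStore()
    # Same form submitted to both flows; only the hardened one ignores 'role'.
    form = {"username": "alice", "role": "loan_officer"}
    print("vulnerable:", register_vulnerable(broken, form), role_escalated(broken, "alice"))
    print("hardened:  ", register_hardened(fixed, form), role_escalated(fixed, "alice"))
```

Running the script shows the vulnerable flow creating `alice` as a `loan_officer` and answering a second attempt with a message that confirms the account exists, while the hardened flow assigns the default role and returns the same text in both cases. `role_escalated` is the kind of check a defender can run over a user table to spot accounts that acquired a privileged role without an administrator granting it.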