LAB 103 - Identifying Broken User Authentication Vulnerabilities


Course Details

Course Number: LAB 103

Course Duration: 7 minutes

Course CPE Credits: 0.14

Related Subject Matter

Foreign Languages Available:

  • English

Course Overview

Authentication is the process of attempting to verify identity; Problems with authentication can be introduced at many phases throughout the software development life cycle, so adversaries have a potentially broad attack surface to work with. One technique adversaries use and learners can perform as part of penetration testing is to interact with aspects of the authentication mechanism to find valid identifiers. Registration, or the process of creating new accounts, is part of authentication.

This lab presents a challenge in the Gold Standard cyber range that reveals a Broken User Authentication vulnerability. The challenge is “Register as Loan Officer.” Abusing the registration functionality allows an adversary to bypass filters or access controls in Gold Standard to gain access to a default higher-privilege account.

Ready to Demo this course? Questions? Contact Us!