Broken Authentication and Session Management
InfoSec Write-ups - Medium infosecwriteups.com
Step-by-Step Explanation
1st Scenario
📌 Old Session Does Not Expire After Password Change
2nd Scenario
📌 Session Hijacking (Intended Behaviour)
Impact: If the attacker obtains the victim's session cookies, this leads to an account takeover.
3rd Scenario
📌 Password reset token does not expire (Insecure Configuration)
4th Scenario
📌 Server security misconfiguration
-> Lack of security headers -> …
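The first and third scenarios above come down to two server-side rules: every session issued before a password change must stop working once the password changes, and a password reset token must expire and be usable only once. The following added example (not code from the write-up or from any product it describes) shows both rules in a minimal in-memory store; the store class, the 15-minute token lifetime, the SHA-256 demo password hashing and the injectable clock are all assumptions made for the illustration.

```python
"""Added example: session revocation on password change and expiring,
single-use reset tokens. Not code from the original write-up; names,
timings and the in-memory store are assumptions for the demo."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

RESET_TOKEN_TTL = 15 * 60  # seconds; assumed policy value for the demo


def hash_password(password: str) -> str:
    # Demo-only hashing; a real service would use a slow KDF (argon2, bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def hash_token(token: str) -> str:
    # Only the hash of a reset token is stored, so a database leak does not
    # hand out live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class User:
    username: str
    password_hash: str
    sessions: Set[str] = field(default_factory=set)
    reset_tokens: Dict[str, float] = field(default_factory=dict)  # token hash -> expiry


class AuthStore:
    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now                      # injectable clock for testing expiry
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, str] = {}  # session id -> username

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = User(username, hash_password(password))

    def login(self, username: str, password: str) -> Optional[str]:
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(user.password_hash, hash_password(password)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        user.sessions.add(sid)
        return sid

    def session_user(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)

    def _revoke_all_sessions(self, user: User, keep: Optional[str] = None) -> None:
        # Scenario 1 fix: every session except (optionally) the one that made
        # the change is dropped server-side, so old cookies no longer resolve.
        for sid in list(user.sessions):
            if sid != keep:
                user.sessions.discard(sid)
                self.sessions.pop(sid, None)

    def change_password(self, username: str, old: str, new: str,
                        keep_session: Optional[str] = None) -> bool:
        user = self.users[username]
        if not hmac.compare_digest(user.password_hash, hash_password(old)):
            return False
        user.password_hash = hash_password(new)
        self._revoke_all_sessions(user, keep=keep_session)
        return True

    def issue_reset_token(self, username: str) -> str:
        user = self.users[username]
        token = secrets.token_urlsafe(32)
        user.reset_tokens[hash_token(token)] = self.now() + RESET_TOKEN_TTL
        return token

    def redeem_reset_token(self, username: str, token: str, new_password: str) -> bool:
        # Scenario 3 fix: the token is removed on first use whatever the outcome,
        # and rejected once its expiry has passed.
        user = self.users[username]
        expiry = user.reset_tokens.pop(hash_token(token), None)
        if expiry is None or self.now() > expiry:
            return False
        user.password_hash = hash_password(new_password)
        self._revoke_all_sessions(user)  # a reset also logs out every session
        return True


def demo() -> Dict[str, bool]:
    """Walk through both scenarios with a constructed user and a fake clock."""
    clock = [1_000_000.0]
    store = AuthStore(now=lambda: clock[0])
    store.add_user("alice", "old-pass")
    stale = store.login("alice", "old-pass")     # session a thief might hold
    current = store.login("alice", "old-pass")   # session performing the change
    store.change_password("alice", "old-pass", "new-pass", keep_session=current)
    results = {
        "stale_session_dead": store.session_user(stale) is None,
        "current_session_alive": store.session_user(current) == "alice",
    }
    token = store.issue_reset_token("alice")
    clock[0] += RESET_TOKEN_TTL + 1              # let the token expire
    results["expired_token_rejected"] = not store.redeem_reset_token("alice", token, "x")
    token2 = store.issue_reset_token("alice")
    results["fresh_token_accepted"] = store.redeem_reset_token("alice", token2, "reset-pass")
    results["replayed_token_rejected"] = not store.redeem_reset_token("alice", token2, "y")
    results["sessions_gone_after_reset"] = store.session_user(current) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The check a tester would run against a real application mirrors `demo()`: log in twice, change the password from one session, and confirm the other session's cookie is rejected; then request a reset link, wait past its stated lifetime, and confirm it fails, and confirm a used link cannot be reused.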