Autenthentication vulnerabilities

Username enumeration via different responses Username enumeration via subtly different responses Username enumeration via response timing Broken brute-force protection, IP block Username enumeration via account lock 2FA simple bypass 2FA broken logic Brute-forcing a stay-logged-in cookie Offline password cracking Password reset broken logic Password reset poisoning via middleware Password brute-force via password change

PreviousFile path traversal, validation of file extension with null byte bypass NextUsername enumeration via different responses

Last updated 6 months ago