The majority of threats related to the authentication process are associated with passwords and password-based authentication methods. But broken authentication also causes a significant number of vulnerabilities. Broken authentication occurs when the implementation of the authentication process is flawed. Unfortunately, such flaws are usually hard to discover, and they can be more severe than the risks associated with passwords.
This blog post explores the security vulnerabilities that are commonly found in the authentication and password processes of a software application. It will also discuss common attack vectors that are used to exploit weak authentication processes.

6 vulnerabilities related to broken authentication

1. Vulnerable authentication logic

Logical flaws are a common source of vulnerabilities in software applications, and they affect the authentication process in the same way. Flawed assumptions about user behavior, excessive trust in user input, and enforcement of security controls only under specific conditions are typical examples of vulnerable authentication logic.

2. Weak account/password recovery process

Often, security controls are only enforced during the login process itself. Exploiting weak account and password recovery processes is common and involves misusing the "forgot account" or "forgot password" flow. For example, in 2016, a security researcher found a way to exploit Google's account recovery feature, which allowed them to hijack the victim's account entirely.

3. Using a vulnerable authentication library

Modern software is written with many dependencies. A vulnerability in an authentication dependency can compromise the whole authentication process. For example, an authentication flaw in the WordPress InfiniteWP Client and WP Time Capsule plugins let anyone log into the WordPress administrator's account without any password.

4. Insecure session handling

Authentication should be a continuous process, but asking users to prove their credentials at each step is impracticable. That is why the authentication state is kept in a stateful session. A vulnerability in session management allows a malicious user to ride on a valid authenticated session without needing to authenticate.
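The session-riding risk just described, shown as an added example in Python standard-library code (this is not code from the post or from Teleport). It keeps every session record on the server, issues unguessable IDs, and drops the record on logout, on idle timeout and on credential changes, so a cookie the attacker captured or guessed stops working as soon as the server forgets it. The idle-timeout value, the cookie name `session` and the store's method names are assumptions made for the illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed example (added here; not code from the post or from Teleport).
# A server-side session store: IDs are unguessable, exist only on the server,
# and are invalidated on logout, on idle timeout and on credential changes.
IDLE_TIMEOUT_SECONDS = 15 * 60      # assumed policy value


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now                 # injectable clock, so timeouts are testable
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str) -> str:
        """Issue a fresh session ID (256 bits of entropy) after a successful login."""
        sid = secrets.token_urlsafe(32)
        t = self._now()
        self._sessions[sid] = Session(user=user, created=t, last_seen=t)
        return sid

    def resolve(self, sid: str) -> Optional[Session]:
        """Return the live session for this ID, or None if it is unknown or expired."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if self._now() - sess.last_seen > IDLE_TIMEOUT_SECONDS:
            self.destroy(sid)           # expired: forget it server-side
            return None
        sess.last_seen = self._now()    # sliding idle window
        return sess

    def rotate(self, old_sid: str) -> Optional[str]:
        """Swap the ID at a privilege change (e.g. right after login) to defeat fixation."""
        sess = self.resolve(old_sid)
        if sess is None:
            return None
        self.destroy(old_sid)
        return self.create(sess.user)

    def destroy(self, sid: str) -> None:
        """Logout: drop the server-side record, so a captured cookie is useless."""
        self._sessions.pop(sid, None)

    def destroy_all_for_user(self, user: str) -> int:
        """Password or 2FA change: revoke every session the user holds."""
        doomed = [s for s, v in self._sessions.items() if v.user == user]
        for s in doomed:
            self.destroy(s)
        return len(doomed)


def session_cookie(sid: str) -> str:
    """Set-Cookie value: unreadable by scripts (HttpOnly), never sent over
    plaintext HTTP (Secure), not attached to cross-site requests (SameSite)."""
    return ("session=%s; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=%d"
            % (sid, IDLE_TIMEOUT_SECONDS))


def user_for_request(store: SessionStore, cookie_header: str) -> Optional[str]:
    """Parse the request's Cookie header and resolve the session server-side:
    the client only presents an ID, it never gets to assert who it is."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            sess = store.resolve(value)
            return sess.user if sess else None
    return None
```

The point of the injectable clock is that the timeout path can be exercised directly; in production the default `time.time` is used. `Max-Age` on the cookie is only a hint to the browser: the server-side `resolve` check is what actually ends the session.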
Improper logout functionality, lack of session timeouts, and insecure practices such as storing session data in cookies without the HttpOnly flag, in web pages, or in browser storage are common vulnerabilities related to session handling.

5. Missing rate limiters and lockout process

Rate limiters and lockout processes prevent brute-force attacks. Lack of this functionality opens many other ways to exploit authentication processes, such as password cracking, user enumeration and denial of service.

6. Insecure two-factor authentication

Two-factor authentication (2FA) is a proven way to improve the security of the authentication process. But a flawed implementation can let malicious users completely bypass the 2FA, nullifying the security advantage. For example, researchers at Duo Labs successfully bypassed PayPal's two-factor authentication. The vulnerability was that the PayPal REST API enforced two-factor authentication insecurely when authenticating using OAuth. Similarly, in another recent case, Varonis researchers found a way to bypass Box's two-factor authentication. The vulnerability was that the feature that allowed a user to disable 2FA did not require any authentication, so anyone could disable the victim's 2FA. Additionally, 2FA based on SMS and phone-based verification is also considered insecure.

2 additional authentication vulnerabilities related to passwords

1. Insecure password verification methods

In the simplest terms, password-based authentication means comparing a password stored on the server with the password supplied by the user. Technically, this comparison can be made with a simple string comparison or by comparing hash values. Hash functions are recommended because they avoid storing passwords in clear text on the server. But using insecure hash functions such as MD5, which are known to be crackable, helps attackers recover passwords from stolen hash values.

2. Poor password security enforcement

Allowing the use of common or default passwords, or allowing users to set low-entropy passwords, creates an authentication risk because such passwords are easy to crack. Poor password security enforcement will eventually undermine the security of the authentication process.

Attack vectors

While some vulnerabilities, such as weak passwords and known vulnerable dependency libraries, are easy to exploit, exploiting logical flaws is more challenging and requires a manual attack process. But the most considerable risk might just be tricking users into giving away their credentials. We can classify the attack vectors most commonly used to compromise the authentication process in two ways:
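The password-verification, password-policy and lockout points made above, as one added example in Python standard-library code (not code from the post or from Teleport). It puts the insecure form, an unsalted MD5 digest, next to a hardened form that uses a per-user random salt, the memory-hard scrypt function and a constant-time comparison, then rejects common and low-entropy passwords before they are stored, and finally wraps login in a failure counter with a lockout so that the stored hashes cannot simply be guessed against online. The scrypt cost parameters, the length and distinct-character thresholds, the tiny common-password list, the failure and lockout limits and all class and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional

# Constructed example (added here; not code from the post or from Teleport):
# insecure MD5 verifier beside a salted scrypt verifier, password-policy checks,
# and a login wrapper with failure counting and lockout. All limits are assumed.

# --- Insecure form: fast, unsalted MD5; equal passwords give equal hashes ----
def md5_hash(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

def md5_verify(stored: str, password: str) -> bool:
    return stored == md5_hash(password)      # precomputed tables crack this

# --- Hardened form: per-user salt, memory-hard scrypt, constant-time compare --
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1     # assumed cost parameters

def scrypt_hash(password: str, salt: Optional[bytes] = None) -> str:
    if salt is None:
        salt = secrets.token_bytes(16)           # fresh random salt per user
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])

def scrypt_verify(stored: str, password: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False                             # malformed record is never "ok"
    _, n, r, p, salt_hex, digest_hex = parts
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def identical_digests(hasher, password: str) -> bool:
    """Do two users who choose the same password get the same stored value?"""
    return hasher(password) == hasher(password)

# --- Policy: reject known-bad and low-entropy passwords before hashing -------
COMMON_PASSWORDS = {"password", "123456", "qwerty", "admin", "letmein"}  # stub list
MIN_LENGTH = 12

def password_policy_errors(password: str) -> List[str]:
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        errors.append("appears in the common-password list")
    if len(set(password)) < 5:                   # e.g. "aaaaaaaaaaaa"
        errors.append("too few distinct characters")
    return errors

# --- Login with failure counting and lockout (brute force, enumeration) ------
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60
DUMMY_HASH = scrypt_hash("dummy-for-unknown-users")   # keeps timing uniform

class Authenticator:
    def __init__(self, now=time.time):
        self._now = now                          # injectable clock for tests
        self._users: Dict[str, str] = {}
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def register(self, user: str, password: str) -> None:
        errors = password_policy_errors(password)
        if errors:
            raise ValueError("; ".join(errors))
        self._users[user] = scrypt_hash(password)

    def is_locked(self, user: str) -> bool:
        return self._now() < self._locked_until.get(user, 0.0)

    def login(self, user: str, password: str) -> bool:
        if self.is_locked(user):
            return False                         # refuse without verifying
        # Unknown users are verified against a dummy hash so that response
        # time does not reveal whether the account exists.
        exists = user in self._users
        ok = scrypt_verify(self._users.get(user, DUMMY_HASH), password) and exists
        if ok:
            self._failures.pop(user, None)
            return True
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            self._locked_until[user] = self._now() + LOCKOUT_SECONDS
            self._failures.pop(user, None)
        return False
```

`identical_digests` makes the MD5 weakness visible: two accounts with the same password store the same MD5 value, so one cracked hash (or one precomputed table) unlocks both, whereas the salted scrypt records differ every time. `hmac.compare_digest` is used instead of `==` so that verification time does not depend on how many leading bytes of the candidate digest match.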
Conclusion

Although passwords and password-based authentication methods cause most of the vulnerabilities and threats related to authentication, logical flaws and insecure implementations also cause many problems. Besides the vulnerabilities mentioned in this blog post, it is essential to mention that insecure practices by employees can be a significant vulnerability in the authentication process. After all, employees are the weakest link, and attack vectors such as phishing are designed to exploit this.

Secure authentication for infrastructure access

Just as with application security, vulnerabilities in the authentication process for infrastructure access can be severe. Teleport enables certificate-based passwordless authentication to infrastructure resources, which eliminates the risks associated with passwords. Additionally, support for single sign-on (SSO) dramatically reduces the probability of logical flaws in the authentication process. Learn how Teleport certificate-based authentication works. You can download the community edition to try it for yourself.