⌘Ctrlk

Introduction
- Automation
- Python
- 🌐APPLICATION LEVEL
  🔒AUTHENTICATION
  Authentication Bypass
  Lack of Password Confirmation
  2FA Code Brute-forceable
  Lack of Verification
  Lack of Throttling on Form Submissions
  Lack of Rate Limiting on Login
  Weak Password Complexity Rules
  🖥️SESSION MANAGEMENT
  🔑ACCESS CONTROL
  🔢INPUT VALIDATION
  ➗CRYPTOGRAPHY
  📉LOGGING
  📕DATA PROTECTION
  📲COMMUNICATION
  👨‍💻MALICIOUS CODE
  💡LOGIC
  🗄️FILE UPLOAD
  ⚙️API ISSUES
  🔍CONFIGURATIONS
- 💾INFRASTRUCTURE LEVEL

Powered by GitBook

🐞Vulnerability Wiki
🌐APPLICATION LEVEL
🔒AUTHENTICATION

Lack of Password Confirmation

Severity:

Low

How to test:

A password confirmation should be generated and current password requested for atleast the following items:
1. Change password
2. Change primary email
3. Change 2FA
4. Delete Account
5. Add Account
6. Change membership etc.

PreviousAuthentication Bypass Next2FA Code Brute-forceable

Last updated 3 years ago

Severity:
How to test: