Broken Authentication Lab
🔐 Learning Objective: Broken Authentication & Session Management
Broken authentication occurs when application functions related to authentication and session management are implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or exploit other implementation flaws to assume users' identities.
Common Vulnerabilities:
- Client-side Authentication: Trust decisions made in the browser
- Weak Session Management: Predictable or unsecured tokens
- Missing Authorization: No server-side permission checks
- Session Fixation: Reusing session IDs across privilege levels
Attack Outcomes:
- Privilege escalation to admin access
- Account takeover and impersonation
- Access to sensitive business data
- Unauthorized system modifications
Login
Test Credentials:
Admin: admin / admin
User: any username / any password
Exploit Techniques
- Change localStorage isAdmin value to 'true'
- Modify the auth token to include admin privileges
- Directly modify user role in localStorage
💡 Manual Exploitation: Open browser DevTools → Application → Local Storage
Try manually editing the 'currentUser', 'authToken', or 'isAdmin' values to see how client-side authentication can be bypassed.
📚 Understanding Broken Authentication
What's Wrong Here?
🔓 Client-side authentication: User roles stored in localStorage
🔓 No server validation: API trusts client-provided tokens
🔓 Weak session management: Predictable token generation
🔓 No authorization checks: Admin panel accessible to anyone
Guided Exploitation
1. Log in with Any Credentials: Log in with any username/password combination to establish a session.
2. Inspect Browser Storage: Open DevTools → Application → Local Storage to see stored authentication data.
3. Modify Authentication Data: Change 'isAdmin' to 'true' or modify the user role to 'admin'.
4. Access Admin Panel: Refresh the page to see admin content with sensitive data.