1
00:00:00,900 --> 00:00:02,400
Broken authentication.

2
00:00:03,620 --> 00:00:09,500
Just by its name, we can already assume what type of vulnerability this is and what it does.

3
00:00:10,610 --> 00:00:17,900
And this is one of the most common attacks and vulnerabilities in past years. Now, broken authentication

4
00:00:17,900 --> 00:00:22,740
is usually tied to sessions, but let's define a session first.

5
00:00:23,480 --> 00:00:25,190
So what is it?

6
00:00:26,790 --> 00:00:34,830
What we can say is that sessions are a sequence of network transactions or network requests associated with the

7
00:00:34,830 --> 00:00:37,560
same user for a certain period of time.

8
00:00:38,560 --> 00:00:43,440
This is what identifies an individual on a web page: a session.

9
00:00:44,510 --> 00:00:49,650
Now, don't confuse sessions with authentication, even though they are quite similar.

10
00:00:49,700 --> 00:00:56,780
And while sessions do interact and do change based on whether a user is authenticated or not, sessions are

11
00:00:56,780 --> 00:00:59,990
established even when a user is not authenticated.

12
00:01:00,710 --> 00:01:05,720
It's just that it changes once the user does authenticate on the website.

13
00:01:06,750 --> 00:01:13,980
OK, but regarding broken authentication, what attacks do we have? What can we do to test for this

14
00:01:13,980 --> 00:01:14,640
vulnerability?

15
00:01:15,480 --> 00:01:21,390
Well, there are different types of attacks, but we can separate them into two different groups:

16
00:01:21,990 --> 00:01:30,480
group number one, which are attacks that the user is responsible for, and group number two, attacks

17
00:01:30,480 --> 00:01:33,390
that the developer is responsible for.

18
00:01:34,220 --> 00:01:39,690
OK, so both sides take part in making these attacks work. How exactly?

19
00:01:40,400 --> 00:01:44,030
Well, users are responsible for their credentials.
20
00:01:44,630 --> 00:01:50,720
They're responsible for making their passwords as strong as they can be by adding numbers, characters,

21
00:01:50,900 --> 00:01:52,760
upper and lower case letters.

22
00:01:53,340 --> 00:01:59,590
However, usually this isn't the case, and they choose an easy password that has a meaning to them.

23
00:02:00,490 --> 00:02:04,850
We can target this with attacks like brute force of the credentials.

24
00:02:05,330 --> 00:02:12,410
We can brute force usernames, passwords, security questions and anything that we need to get into

25
00:02:12,410 --> 00:02:12,950
an account.

26
00:02:14,010 --> 00:02:19,950
These types of attacks we will cover in the next section. However, in this section, we're more

27
00:02:19,950 --> 00:02:26,250
interested in covering mistakes in website configuration that allow us to steal a session.

28
00:02:27,390 --> 00:02:33,210
The web developers are responsible for the session management: how the website is going to process

29
00:02:33,210 --> 00:02:36,420
different sessions and what parameters it is going to use.

30
00:02:37,320 --> 00:02:43,080
Usually these sessions are identified with cookie values or other types of parameters.

31
00:02:43,890 --> 00:02:48,030
Sessions are considered as important as user credentials.

32
00:02:48,570 --> 00:02:54,150
A hijacked session ID is as strong as a stolen login credential.

33
00:02:55,070 --> 00:03:00,480
And that is the attack that we will mostly be doing: session hijacking or session stealing.

34
00:03:01,310 --> 00:03:04,220
There are many approaches as to how we can do that.

35
00:03:04,760 --> 00:03:08,090
One of them is an attack called session fixation.

36
00:03:08,990 --> 00:03:15,830
The main idea behind this attack is that the attacker predetermines the session ID that the victim will

37
00:03:15,830 --> 00:03:16,130
use.
38
00:03:16,910 --> 00:03:24,470
For example, the attacker could send the victim a link that contains a predetermined session ID, and

39
00:03:24,470 --> 00:03:28,940
that link might require the victim to log in.

40
00:03:29,120 --> 00:03:35,370
After they log in, the attacker can then use that session ID to impersonate the victim.

41
00:03:36,260 --> 00:03:40,870
There is also the possibility of weak encryption or weak cookie values.

42
00:03:41,600 --> 00:03:48,470
It can be that the website transmits the passwords in plain text or in a weak encryption that can easily

43
00:03:48,470 --> 00:03:49,160
be reversed.

44
00:03:49,550 --> 00:03:52,010
This is also a point of attack for hackers.

45
00:03:52,670 --> 00:03:58,790
Credentials should have the best encryption possible, since they are the main thing keeping someone from having

46
00:03:58,790 --> 00:04:02,150
unauthorized access to another person's account.

47
00:04:03,050 --> 00:04:05,110
Same goes with cookie values.

48
00:04:05,570 --> 00:04:07,930
They have to be random and unpredictable.

49
00:04:08,660 --> 00:04:14,210
Now, different examples of broken authentication attacks we're going to see in this section, while brute

50
00:04:14,210 --> 00:04:18,339
force attacks and similar we'll do much more of in the next section.

51
00:04:18,709 --> 00:04:22,460
So get ready, and let's get straight into practical examples.