These weaknesses let an attacker capture or bypass the authentication mechanisms a web application relies on (credentials, session identifiers, password recovery).
The attacker's goal is to take over one or more accounts and act with the same privileges as the victim user.
A travel reservations application supports URL rewriting, putting session IDs in the URL. Any link copied, logged or sent in a Referer header then carries a valid session token.
The user uses a public computer to access a site. Instead of selecting "logout", the user simply closes the browser tab and walks away. Because the application enforces no idle timeout, an attacker who uses the same browser an hour later finds it still authenticated.
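The following is an added example, not code from OWASP or from any application the page describes. It shows a server-side session store that addresses both scenarios above: the session ID is generated from the OS CSPRNG and sent only in a hardened cookie (never in the URL), and every lookup enforces an idle timeout and an absolute lifetime, so a session abandoned on a public computer is dead well before the attacker sits down an hour later. The timeout values and the `FakeClock` helper are assumptions for illustration.

```python
"""Session management that keeps IDs out of URLs and expires idle sessions.

Hypothetical example code (not OWASP's); IDLE_TIMEOUT and ABSOLUTE_LIFETIME are
assumed policy values, and FakeClock exists only so the scenario can be replayed
deterministically offline.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60          # assumed: no request for 15 minutes ends the session
ABSOLUTE_LIFETIME = 8 * 60 * 60  # assumed: force re-authentication after 8 hours


@dataclass
class Session:
    user: str
    created: float    # when the user authenticated
    last_seen: float  # last request that presented this ID


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock  # injectable so tests can move time forward
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str) -> str:
        # 256 random bits from the OS CSPRNG; never derived from the username,
        # a timestamp or a counter, so it cannot be predicted or enumerated.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = Session(user=user, created=now, last_seen=now)
        return sid

    @staticmethod
    def cookie_header(sid: str) -> str:
        # The ID is carried only in a cookie, never rewritten into the URL, so it
        # does not leak through Referer headers, proxy logs, history or shared links.
        # Secure: HTTPS only. HttpOnly: not readable by script. SameSite: limits CSRF.
        return f"Set-Cookie: SESSIONID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

    def user_for(self, sid: str) -> Optional[str]:
        """Return the authenticated user for sid, or None if the session is invalid."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        idle_too_long = now - session.last_seen > IDLE_TIMEOUT
        too_old = now - session.created > ABSOLUTE_LIFETIME
        if idle_too_long or too_old:
            # Expired: delete server-side so the stale cookie is worthless even if
            # the browser still presents it.
            del self._sessions[sid]
            return None
        session.last_seen = now
        return session.user

    def logout(self, sid: str) -> None:
        # Explicit logout invalidates the server-side record, not just the cookie.
        self._sessions.pop(sid, None)


class FakeClock:
    """Constructed stand-in for time.time() so the scenario is reproducible."""

    def __init__(self, start: float = 1_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


def public_computer_scenario() -> Dict[str, Optional[str]]:
    """Replay the page's scenario: tab closed without logout, attacker returns an hour later."""
    clock = FakeClock()
    store = SessionStore(clock)
    sid = store.login("alice")
    result = {"right_after_login": store.user_for(sid)}
    clock.now += 5 * 60                       # user keeps browsing for a few minutes
    result["five_minutes_later"] = store.user_for(sid)
    clock.now += 60 * 60                      # tab closed, attacker returns an hour later
    result["attacker_an_hour_later"] = store.user_for(sid)
    return result


if __name__ == "__main__":
    print(public_computer_scenario())
```

The idle timeout is what defeats the walk-away scenario; the absolute lifetime bounds how long a stolen ID stays useful even on an active session. Both checks run on every request, so expiry does not depend on a background sweeper.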
An insider or external attacker gains access to the system's password database. User passwords are not properly hashed and salted, exposing every user's password.
Usernames and passwords that are easy to guess or commonly used can be recovered by attackers through brute-force or credential-stuffing attacks, giving them unauthorized access.