Showing posts from April, 2019

Modern Authentication Bypasses

Introduction

*hacker voice* “I’m in” is a Hollywood-esque phrase you’ve probably heard before. But how does someone actually do that? Do you wear a hoodie and change your terminal text to bright green? You could, but that won’t be of much help. Bypassing authentication is when an attacker gains access to an application, service, or device with the privileges of an authorized user by evading the checks of an authentication mechanism [1]. There are many different ways to bypass authentication mechanisms in modern environments. It could be anything from unsanitized input to exploiting the underlying authentication protocol. Authentication methods rely on the premise that each user is unique; thus, no login can be duplicated. We will be taking a look at some of the different types of authentication bypasses that you are likely to see in a modern environment.

Injection

When you input a username and a password to an application, all that occurs is a query t…