According to OWASP, Broken Authentication and Session Management was defined as ‘Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.’ In other words, an attacker can get unauthorized access of the user due to the flaw in the implementation. Before exploiting this vulnerability you need to know few concepts
- What is a Session and why do we need a Session
- What is a Cookie
- What is an Authentication