Broken Authentication

What does Broken Authentication mean?

Broken Authentication is a collective term for various vulnerabilities and security holes caused by a faulty implementation of the authentication and session management of a website. The problems often stem from access controls that the web developer has implemented incorrectly.

In many cases, Broken Authentication problems are caused by passwords and usernames. If the password management of a web application allows passwords that are too simple, for example too short or without special characters, or if the users' login information is not stored in a sufficiently protected way, this can lead to security problems. Another common cause of Broken Authentication problems is the failure to limit login attempts to a web page. If the login can be repeated as often as desired, so-called brute force attacks become possible. Brute force attacks involve trying a large number of possible combinations of passwords and usernames to gain access.

Broken Authentication problems usually lead to user accounts being taken over by an attacker. In this way, an unauthorized user gains the same rights as the actual user. If the user account of a website administrator can be hijacked by an attacker, this will in most cases have serious consequences for the entire web application. Countermeasures include requiring users to choose complex passwords, temporarily blocking IP addresses from which many passwords are tried in a short time, and not appending the user's session ID to the website URL.
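The following is an added example, not code from the original page, that puts the causes and countermeasures above into one small login service: a password policy check, salted hashing of the stored credential instead of plaintext, a per-IP temporary lockout after repeated failures, and a session ID that is handed back for a cookie rather than placed in the URL. The policy thresholds (12-character minimum, 5 attempts, 15-minute lockout), the PBKDF2 iteration count and the class and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed policy values for this example; tune them for a real deployment.
MIN_PASSWORD_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
PBKDF2_ITERATIONS = 200_000


def password_meets_policy(password: str) -> bool:
    """Reject passwords that are too short or lack character variety."""
    if len(password) < MIN_PASSWORD_LENGTH:
        return False
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    return has_lower and has_upper and has_digit and has_special


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); only these are stored, never the plaintext."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


class LoginService:
    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.clock = clock
        self.users: Dict[str, Tuple[bytes, bytes]] = {}       # username -> (salt, digest)
        self.failures: Dict[str, Tuple[int, float]] = {}      # client_ip -> (count, lock_until)

    def register(self, username: str, password: str) -> None:
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        self.users[username] = hash_password(password)

    def _is_locked(self, ip: str) -> bool:
        _, lock_until = self.failures.get(ip, (0, 0.0))
        return self.clock() < lock_until

    def _record_failure(self, ip: str) -> None:
        count, lock_until = self.failures.get(ip, (0, 0.0))
        count += 1
        if count >= MAX_FAILED_ATTEMPTS:
            # Temporarily block the source address instead of allowing unlimited guesses.
            lock_until = self.clock() + LOCKOUT_SECONDS
            count = 0
        self.failures[ip] = (count, lock_until)

    def login(self, username: str, password: str, client_ip: str) -> Optional[str]:
        """Return a fresh session id on success, None on any failure."""
        if self._is_locked(client_ip):
            return None
        record = self.users.get(username)
        if record is None:
            # Still do the hashing work so response time does not reveal valid usernames.
            hash_password(password, b"\x00" * 16)
            self._record_failure(client_ip)
            return None
        salt, digest = record
        if not verify_password(password, salt, digest):
            self._record_failure(client_ip)
            return None
        self.failures.pop(client_ip, None)
        # The caller sets this as an HttpOnly, Secure cookie; it must not be appended to the URL.
        return secrets.token_urlsafe(32)
```

The lockout is keyed on the client IP to match the countermeasure described above; a production service would usually also track failures per account and emit a log event on lockout so the attempts are visible to monitoring.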

