OAuth Attacks

When an authentication mechanism is broken, the result is a severe vulnerability, because it hands an attacker access to sensitive data and functionality that should have been protected.

What is Authentication

It is the process of verifying the identity of a given user. In simple words, it is a way to make sure that someone really is who they claim to be.

There are three authentication factors into which different types of authentication can be categorized:

  • Knowledge Factors => Something you know such as password or the answer to the security question.

  • Possession Factors => Something you have such as a mobile phone or security token.

  • Inherence Factors => Something you are such as biometrics or patterns.

Authentication Vs Authorization

Authentication is the process of verifying that a user really is who they claim to be, and authorization is the process of verifying whether that user is allowed to do something or not.

You will have heard people say "you're not authorized to do that", right?

With respect to the Web Context

Authentication determines whether someone attempting to access the site with the username Carlos really is the same person who created that account.

Once Carlos is authenticated, his permissions determine what he is authorized to do, for example whether he may access personal information about other users or perform actions such as deleting another user's account.

How do authentication vulnerabilities arise

  • The authentication mechanisms are weak because they fail to adequately protect against brute-force attacks.

  • Logic flaws or poor coding in the implementation allow an attacker to bypass the authentication mechanism entirely. This is sometimes referred to as "broken authentication".
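The following is an added example, not code from the original page, that ties the two halves of this page together: a small in-memory login service whose `authenticate` step resists brute force (password hashing, a constant-time comparison, and a lockout after repeated failures, addressing the first bullet above) and whose `can_delete_account` step is a separate authorization check (the Carlos example earlier on the page). The `AuthService` class, the `build_demo` helper, the user names other than Carlos, the passwords and the lockout thresholds are all constructed for this example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

# Constructed policy values for the example (assumption, not from the page).
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256; plaintext is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    is_admin: bool = False
    failed_attempts: int = 0
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class AuthService:
    """Hypothetical service separating authentication from authorization."""

    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}
        self.now = time.time  # injectable clock, handy for tests

    # --- Authentication: is this really the person they claim to be? ---
    def authenticate(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None:
            # Hash anyway so an unknown user costs the same time as a wrong
            # password; otherwise response timing leaks which usernames exist.
            hash_password(password, b"\x00" * 16)
            return False
        if acct.locked_until > self.now():
            return False  # locked out: further guesses are refused
        _, candidate = hash_password(password, acct.salt)
        if hmac.compare_digest(candidate, acct.pw_hash):
            acct.failed_attempts = 0  # successful login resets the counter
            return True
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked_until = self.now() + LOCKOUT_SECONDS
        return False

    # --- Authorization: is this authenticated user allowed to do that? ---
    def can_delete_account(self, actor: str, target: str) -> bool:
        acct = self.accounts.get(actor)
        if acct is None:
            return False
        # Only the account owner or an administrator may delete an account.
        return acct.is_admin or actor == target


def build_demo() -> AuthService:
    """Constructed sample accounts; passwords here are made up for the demo."""
    accounts = []
    for name, pw, admin in [
        ("carlos", "correct-horse-battery", False),
        ("wiener", "peter-password", False),
        ("administrator", "admin-secret", True),
    ]:
        salt, digest = hash_password(pw)
        accounts.append(Account(name, salt, digest, is_admin=admin))
    return AuthService(accounts)


if __name__ == "__main__":
    svc = build_demo()
    print("carlos login:", svc.authenticate("carlos", "correct-horse-battery"))
    print("carlos deletes wiener:", svc.can_delete_account("carlos", "wiener"))
    print("admin deletes wiener:", svc.can_delete_account("administrator", "wiener"))
```

The point to take from the structure is that a correct password answers only the authentication question; whether the now-authenticated user may delete another account is a second, independent check, and skipping it is exactly the kind of logic flaw the second bullet describes.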
