OAuth Attacks
Authentication and security are closely tied, so a flaw in authentication is a severe vulnerability: it gives access to some of the sensitive data and functionality.
What is Authentication
It is the process of verifying the identity of a given user. In simple words, it is a way to make sure that they really are who they claim to be when they authenticate.
There are three authentication factors into which different types of authentication can be categorized:
Knowledge Factors => Something you know, such as a password or the answer to a security question.
Possession Factors => Something you have such as a mobile phone or security token.
Inherence Factors => Something you are such as biometrics or patterns.
Authentication Vs Authorization
Authentication is the process of verifying that a user really is who they claim to be, and Authorization involves verifying whether a user is allowed to do something or not.
You have probably heard people say "you're not authorized to do that", right?
With respect to the Web Context
Authentication determines whether someone attempting to access the site with the username Carlos really is the same person who created the account.
Once he is authenticated, his permissions determine whether or not he is authorized, for example, to access personal information about other users or to perform actions such as deleting another user's account.
How do authentication vulnerabilities arise
The authentication mechanisms are weak because they fail to adequately protect against brute-force attacks.
Logic flaws or poor coding in the implementation allow the authentication mechanisms to be bypassed entirely by an attacker. This is sometimes referred to as "broken authentication".
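The first cause above, shown from the defender's side as an added example (not code from the original page): a login check that locks an account after repeated failed attempts. The class name, the 5-failure limit and the 300-second lockout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumed policy: failed attempts allowed before lockout
LOCKOUT_SECONDS = 300   # assumed policy: how long the account stays locked


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self, clock=time.monotonic):
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> (failure count, time of last failure)
        self.clock = clock

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str) -> str:
        now = self.clock()
        count, last = self.failures.get(username, (0, 0.0))
        if count >= MAX_FAILURES:
            if now - last < LOCKOUT_SECONDS:
                return "locked"   # refuse before the password is even checked
            count = 0             # lockout expired, start counting again
        # Unknown usernames get a dummy record so the same hashing work is done.
        salt, stored = self.users.get(username, (b"\0" * 16, b"\0" * 32))
        candidate = hash_password(password, salt)
        # compare_digest compares in constant time.
        if username in self.users and hmac.compare_digest(candidate, stored):
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] = (count + 1, now)
        return "invalid"
```

This throttles guesses per account only; a deployed service would also limit attempts per source address and bound the size of the failure table.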