Hacker Attack and Defense Technology Collection - Notes 3: Attacks on Authentication

2010-06-24  Source: Original to this site  Category: Internet  Popularity: 157

Some loopholes

1. Passwords are too simple.
2. When a login fails, the system returns specific error information, which helps an attacker choose targeted attack measures.
3. The user name / password is stored in a cookie (for example, for a "do not ask me to log in for a week" feature), and the cookie is then obtained by other users.
4. After the user answers the "Forgot Password" questions, the system does not send a message to reset the password; instead it displays the password directly, or treats the user as authenticated and lets them perform sensitive operations.
5. Server-side code logic problems: when a database exception occurs, the user ends up being treated as successfully logged in.
6. Multi-stage login vulnerability: the server code incorrectly assumes that the user has passed the previous stage.
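
Item 6 in code, as an added example that is not part of the original notes: a two-stage login in which the flawed second stage assumes stage 1 was passed, next to a version that takes the identity only from server-side state. The `session` dict (a stand-in for a server-side session store), the function names and the sample users are all constructed for illustration.

```python
import hmac

# Constructed sample data: user -> (password, second-stage code).
# Plaintext only to keep the example short; real systems store password hashes.
USERS = {"alice": ("correct horse", "492816"), "bob": ("hunter2!", "135790")}

def stage1(session, username, password):
    """Stage 1: check the password and record the result server-side."""
    session.clear()  # a new attempt discards any earlier login state
    stored = USERS.get(username)
    ok = stored is not None and hmac.compare_digest(stored[0].encode(), password.encode())
    if ok:
        session["stage1_user"] = username
    return ok

def stage2_vulnerable(session, username, code):
    """Flawed: assumes stage 1 was passed and trusts the client-supplied username."""
    stored = USERS.get(username)
    if stored is not None and hmac.compare_digest(stored[1].encode(), code.encode()):
        session["authenticated_as"] = username
        return True
    return False

def stage2_hardened(session, code):
    """Takes the identity only from the state that stage 1 wrote server-side."""
    username = session.pop("stage1_user", None)  # single use: a failed code restarts login
    if username is None:
        return False  # stage 1 was never completed in this session
    if hmac.compare_digest(USERS[username][1].encode(), code.encode()):
        session["authenticated_as"] = username
        return True
    return False

def demo():
    """Return (flawed, hardened) outcomes for a session that never ran stage 1."""
    flawed = stage2_vulnerable({}, "bob", "135790")
    hardened = stage2_hardened({}, "135790")
    return flawed, hardened

if __name__ == "__main__":
    print(demo())
```

The flawed handler accepts a request whose session never completed stage 1, while the hardened one rejects it because the stage-1 marker is absent.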