In terms of web security, authentication bypass is usually quite easy to avoid: it is a matter of ensuring valid credentials anywhere they are required. Before performing any action that requires a logged-in user, check the cookie (or other persistent authentication mechanism) for validity to perform the action requested. Unfortunately, it isn't so easy: using CSRF, the attacker can exploit the fact that a user may already be logged into his router. If the programmer of the web app is unaware of this type of attack, he is bound to get it wrong, because usually some extra implementation details are necessary to defeat it.
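The "extra implementation details" the comment refers to, shown as an added example that is not part of the original comment: a router-style settings handler that only verifies the login cookie, beside the same handler with a per-session synchronizer token. The session store, server key, request object and the DNS "apply" log are all constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed server state: one logged-in session, a server-only HMAC key,
# and a log of the DNS settings that were actually applied.
SESSIONS: Dict[str, str] = {"sess-abc": "admin"}
SERVER_KEY = b"constructed-server-side-key"
APPLIED_DNS: List[str] = []

class Request:
    """Minimal stand-in for an HTTP POST: the browser's cookies plus form fields."""

    def __init__(self, cookies: Dict[str, str], form: Dict[str, str]) -> None:
        self.cookies = cookies
        self.form = form

def current_user(req: Request) -> Optional[str]:
    return SESSIONS.get(req.cookies.get("session", ""))

def change_dns_auth_only(req: Request) -> int:
    """Vulnerable: only verifies the login cookie. A cross-site form post made by
    the victim's browser carries that cookie automatically, so it passes."""
    if current_user(req) is None:
        return 401
    APPLIED_DNS.append(req.form["dns"])
    return 200

def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session; a third-party page cannot read it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_dns_hardened(req: Request) -> int:
    """Hardened: the same login check, plus a per-session CSRF token that must be
    echoed back in the form body. A forged cross-site post lacks it and is rejected."""
    if current_user(req) is None:
        return 401
    expected = csrf_token_for(req.cookies["session"])
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403
    APPLIED_DNS.append(req.form["dns"])
    return 200
```

The token must be placed in the form by the server when it renders the settings page, never in a cookie alone, so that only same-origin pages can echo it back.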
Copyright © 2017, Eklektix, Inc.