Authentication Vulnerabilities

Video Walkthrough :

Writeups :

Lab Name	Visit
2FA simple bypass	View
Password reset broken logic	View
Username enumeration via different responses	View
2FA broken logic	View
Brute-forcing a stay-logged-in cookie	View
Offline password cracking	View
Password brute-force via password change	View
Password reset poisoning via middleware	View
Username enumeration via account lock	View
Username enumeration via response timing	View
Username enumeration via subtly different responses	View
Broken brute-force protection, IP block	View
Broken brute-force protection, multiple credentials per request	View

13 items under this folder.

Oct 15, 2025
Lab - 2FA broken logic
Oct 15, 2025
Lab - 2FA simple bypass
Oct 15, 2025
Lab - Broken brute-force protection, IP block
Oct 15, 2025
Lab - Broken brute-force protection, multiple credentials per request
Oct 15, 2025
Lab - Brute-forcing a stay-logged-in cookie
Oct 15, 2025
Lab - Offline password cracking
Oct 15, 2025
Lab - Password brute-force via password change
Oct 15, 2025
Lab - Password reset broken logic
Oct 15, 2025
Lab - Password reset poisoning via middleware
Oct 15, 2025
Lab - Username enumeration via account lock
Oct 15, 2025
Lab - Username enumeration via different responses
Oct 15, 2025
Lab - Username enumeration via response timing
Oct 15, 2025
Lab - Username enumeration via subtly different responses