Definition

What is Broken Authentication?

A class of vulnerabilities that allows attackers to compromise passwords, keys, or session tokens, or exploit implementation flaws to assume other users' identities. Common examples include weak password policies, susceptibility to credential stuffing, insecure session management, and improperly protected password reset flows. It consistently ranks among the OWASP Top 10 most critical web application security risks.

Related terms

Authentication →

The process of verifying the identity of a user, device, or system before granting access to a resource.

Multi-Factor Authentication (MFA) →

An authentication mechanism that requires users to present two or more independent verification factors before access is granted: something you know (password), something you have (hardware token or authenticator app), or something you are (biometric).

JSON Web Token (JWT) →

A compact, self-contained token format used to transmit claims between parties as a digitally signed JSON object, widely used for API authentication and single sign-on flows.

OWASP Top 10 →

A regularly updated consensus list of the ten most critical security risks to web applications, published by the Open Web Application Security Project (OWASP).

Put this into practice

Autonomous OWASP vulnerability scanning →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.