A7:2021 | Authentication Bypasses (1) | Cycubix Docs

Authentication Bypasses

Authentication bypasses happen in many ways, but they usually take advantage of some flaw in the configuration or logic, with the attacker tampering with the request to achieve the right conditions.

Hidden inputs

The simplest form is a reliance on a hidden input in the web page/DOM.

Removing Parameters

Sometimes, if an attacker doesn’t know the correct value of a parameter, they may remove it from the submission altogether to see what happens.
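The two flaws above, shown from the server's side as an added example (not code from the original page): a verification check that trusts a hidden field and validates only the answer fields it receives, beside a hardened version. The field names `userId`, `secQuestion0` and `secQuestion1`, the function names and the stored answers are all hypothetical.

```python
import hmac

# Constructed sample data: security answers stored server-side per account.
# Field and account names are hypothetical, chosen for illustration only.
STORED_ANSWERS = {
    "alice": {"secQuestion0": "blue", "secQuestion1": "rex"},
}


def verify_weak(form):
    """Flawed check: trusts the hidden userId field sent by the client and
    validates only the answer fields that are present in the submission."""
    expected = STORED_ANSWERS.get(form.get("userId"), {})
    for name, value in form.items():
        if name.startswith("secQuestion") and expected.get(name) != value:
            return False
    # If the answer fields were removed, the loop checked nothing.
    return True


def verify_strict(session_user, form):
    """Hardened check: the account comes from the server-side session, and
    every required answer must be present and correct. Extra or hidden
    fields in the form (such as userId) are ignored."""
    expected = STORED_ANSWERS.get(session_user)
    if not expected:
        return False  # unknown account: deny by default
    ok = True
    for name, answer in expected.items():
        submitted = form.get(name)
        if not isinstance(submitted, str):
            ok = False  # a missing parameter is a failure, not a skip
            continue
        # Constant-time comparison of the submitted and stored answers.
        if not hmac.compare_digest(submitted.encode(), answer.encode()):
            ok = False
    return ok
```

The hardened function drives the loop from the list of required fields held on the server, so a request cannot shrink the set of checks by omitting parameters.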

Forced Browsing

If an area of a site is not appropriately protected by configuration, that area of the site may be accessed by guessing/brute-forcing.
