A7 - Identity and Authentication Failure

Identity and Authentication Failure

Common Issues

  1. Weak Password Policies: Allowing users to set weak passwords that are easy to guess.

  2. Credential Stuffing: Attackers utilizing lists of compromised user credentials to gain unauthorized access.

  3. Session Hijacking: Exploiting active sessions to impersonate legitimate users.

Mitigation Strategies

  • Enforce Strong Passwords: Implement password complexity requirements.

  • Multi-Factor Authentication (MFA): Require additional verification steps beyond just a password.

  • Secure Session Management: Use secure cookies and timeout inactive sessions promptly.

Last updated