Authentication Lab

Authentication Lab

Welcome to the Authentication Lab, a place to play with some common, and some not so common, authentication and authorisation vulnerabilities.

I intend to grow the collection below as I come across new vulnerabilities while on client tests and as new ones are reported in the news. If you have something you would like to see added, let me know and I'll see what I can do. The more information you can give me the better but I'll look at anything that seems interesting.

Each lab is stand alone and none of them, so far, require any special tools to complete the challenge. If you get stuck, or want more information, check out my Authentication Lab Walkthroughs post.

IP Based Auth Bypass

Find the deliberate IP based authentication bypass.

Visit the challenge

Timing Attacks

Sometimes even the best login system can leak information through side-channels.

Visit the challenge

Client Side Auth

Never trust anything coming from the user, especially authentication.

Visit the challenge

Leaky JWT

See how easy it is to leak information in a JWT.

Visit the challenge

CVE-2019-7644 - JWT Signature Disclosure

Sometimes all it takes is a little information disclosure to break an authentication system.

Visit the challenge

JWT None Algorithm

Most JWT libraries allow you to choose either RSA or HMAC for signature verification however the spec allows for "None" to be specified meaning there is no signature in use.

Visit the challenge

Cracking JWT Keys

Ideally the key used to sign a JWT should be a long random string, making it impossible to guess or crack, but this is not always the case. This lab presents a number of weak keys for you to investigate.

Visit the challenge

User Agent Strings

Most clients that talk to web apps will send a user agent string, unfortunately, some apps rely on this as a way to differentiate different type of user and allocate permissions based on it.

Visit the challenge


Lab created by Robin Wood - DigiNinja