Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V2 - Authentication

Authentication Bypass

POC

  1. Check whether post-authentication URLs are directly accessible without any session bound to them.
  2. If such a URL is stolen, guessable, or brute-forceable, it can lead to account takeover.
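An added illustration, not part of the Cobalt wiki entry, of what step 1 is checking: a minimal Python request handler that serves a post-authentication page from the URL path alone, beside a version that binds the page to a server-side session. The in-memory SESSIONS store, login(), the handler names and the dict-shaped request are assumptions for this example.

```python
import secrets

# Constructed in-memory session store (assumption): session id -> user id.
SESSIONS = {}

def login(user_id):
    """Create a server-side session and return its random, unguessable id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user_id
    return sid

def session_user(request):
    """Return the user bound to the request's 'sid' cookie, or None."""
    for part in request.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return SESSIONS.get(value)
    return None

def account_page_vulnerable(request):
    """Post-authentication URL that trusts the path alone: whoever knows or
    guesses /account/<id> gets that account's page, with no session at all."""
    user_id = request["PATH_INFO"].rsplit("/", 1)[-1]
    return 200, f"account data for {user_id}"

def account_page_hardened(request):
    """Same URL, but the identity comes from a valid session, never from the
    path. No session (or an unknown one) redirects to login; a valid session
    only ever yields its own user's data, so a stolen path buys nothing."""
    user = session_user(request)
    if user is None:
        return 302, "/login"
    return 200, f"account data for {user}"

def leaks_without_session(handler, path):
    """Step 1 of the POC as an automated regression check: request the
    post-authentication URL with no cookie and report whether it is served."""
    status, _ = handler({"PATH_INFO": path})
    return status == 200
```

Running leaks_without_session over every post-authentication route in a test suite turns the POC's first step into a check that fails the build when session binding is dropped.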

Impact

Medium

Likelihood

Low