
#Broken Authentication

6 posts

BugForge - Daily - Gift Lab (Mar 13, 2026)

The Gift Lab application contains a Broken Authentication flaw where the adminAccessToken cookie issued at login has a predictable structure - only the…

Broken Authentication Brute Force
Posted on 2026-03-13 19:00 3 min read
BugForge - Daily - Gift Lab

BugForge - Daily - Copy Pasta (Feb 11, 2026)

The CopyPasta application uses a predictable session token scheme where session identifiers are derived by computing the MD5 hash of the username and then…

Broken Authentication Session Hijacking
Posted on 2026-02-11 19:00 3 min read
BugForge - Daily - Copy Pasta

BugForge - Daily - Sokudo (Jan 29, 2026)

The Sokudo application uses predictable ISO 8601 timestamps as authentication tokens, creating a critical broken authentication vulnerability. By analyzing the…

Broken Authentication
Posted on 2026-01-29 20:00 3 min read
BugForge - Daily - Sokudo

BugForge - Daily - Sokudo (Jan 15, 2026)

This challenge demonstrates how legacy API endpoints can introduce critical security vulnerabilities when not properly deprecated or secured. The application…

API Versioning Broken Authentication IDOR JWT Manipulation
Posted on 2026-01-15 20:40 5 min read
BugForge - Daily - Sokudo

BugForge - Daily - Shady Oaks Finance (Jan 9, 2026)

This challenge demonstrates a JWT (JSON Web Token) authentication bypass vulnerability caused by improper algorithm validation. The application accepts…

JWT Authentication Bypass None Algorithm Broken Authentication
Posted on 2026-01-09 20:00 4 min read
BugForge - Daily - Shady Oaks Finance

BugForge - Daily - Sokudo (Jan 8, 2026)

This challenge demonstrates a broken authentication vulnerability caused by predictable session tokens combined with information disclosure. The application…

Broken Authentication Information Disclosure Session Hijacking
Posted on 2026-01-08 20:00 5 min read
BugForge - Daily - Sokudo

© 2026 Zw4rts. All rights reserved.
