API Broken Authentication

Reference
Plugin ID: 40053 | CWE: 287 | WASC: 1 | High | Active | Authentication

Remediation

To mitigate API Broken Authentication vulnerabilities, implement the following security measures:

  1. Secure Authentication Mechanisms: Implement robust authentication using secure protocols and avoid weak authentication schemes.

  2. JWT Security: If using JWT tokens, ensure proper secret management, algorithm validation, and signature verification. Avoid the 'none' algorithm.

  3. Session Management: Implement secure session management with proper token rotation, expiration, and invalidation mechanisms.

  4. Multi-Factor Authentication: Consider implementing MFA for sensitive API operations and administrative functions.
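The following is an added example, not StackHawk's own code or scanner logic, showing what items 2 and 3 look like in a token verifier: the accepted algorithm is pinned server-side (so a token header claiming `none` or any other algorithm is rejected before the signature is even looked at), the HMAC signature is checked with a constant-time comparison, and the `exp` claim is enforced. It uses only the Python standard library; `DEMO_SECRET`, the sample claims and the `mint_token` helper are constructed here purely to produce test inputs, including deliberately bad ones.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secret. A real service loads this from a secret store,
# never from source control.
DEMO_SECRET = b"demo-secret-do-not-use-in-production"

# The one algorithm this service accepts. This is a server-side decision;
# the value in the token header is never used to choose how to verify.
EXPECTED_ALG = "HS256"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def mint_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a JWT. Used only to construct sample inputs for the verifier,
    including an unsigned 'alg: none' token and one signed with the wrong key."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    if alg == "none":
        return signing_input + "."  # empty signature segment
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Validate an HS256 JWT and return its claims; raise ValueError otherwise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        raise ValueError("malformed header or signature")

    # Algorithm validation: 'none' and anything other than EXPECTED_ALG fails here,
    # regardless of what the token claims.
    if header.get("alg") != EXPECTED_ALG:
        raise ValueError("unexpected alg: " + repr(header.get("alg")))

    # Signature verification over the exact bytes the client sent.
    expected_sig = hmac.new(
        secret, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256
    ).digest()
    # compare_digest is constant-time, so signature bytes do not leak via timing.
    if not hmac.compare_digest(expected_sig, signature):
        raise ValueError("bad signature")

    # Only now are the claims trusted enough to parse and check expiry.
    claims = json.loads(_b64url_decode(payload_b64))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        raise ValueError("missing exp claim")
    if now >= exp:
        raise ValueError("token expired")
    return claims


def check_token(token: str, secret: bytes, now: Optional[float] = None) -> Tuple[bool, str]:
    """Convenience wrapper: (True, 'ok') or (False, reason)."""
    try:
        verify_token(token, secret, now)
        return True, "ok"
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    # Constructed sample tokens; 'now' is fixed so the run is deterministic.
    good = mint_token({"sub": "alice", "exp": 2000}, DEMO_SECRET)
    unsigned = mint_token({"sub": "admin", "exp": 2000}, DEMO_SECRET, alg="none")
    wrong_key = mint_token({"sub": "alice", "exp": 2000}, b"attacker-guess")
    for label, tok in [("good", good), ("alg=none", unsigned), ("wrong key", wrong_key)]:
        print(label, check_token(tok, DEMO_SECRET, now=1000))
    print("expired", check_token(good, DEMO_SECRET, now=3000))
```

The order of checks matters: the algorithm is compared against a server-side constant first, the signature second, and the claims are only read after the signature holds. Session-management concerns from item 3 beyond expiry (rotation on privilege change, server-side revocation of a compromised token) need state outside the token itself and are not shown here.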

About

API Broken Authentication vulnerabilities occur when authentication mechanisms are improperly implemented, allowing attackers to compromise user accounts or bypass authentication controls. This corresponds to OWASP API Security Top 10 2023 - API02: Broken Authentication.

Risks

Broken Authentication in APIs can result in:

  • Account takeover and unauthorized access
  • JWT token forgery and manipulation
  • Session hijacking and impersonation
  • Bypass of authentication controls
  • Access to sensitive user data and functionality