Authentication 12

Password brute-force via password change Feb 1, 2025
Password reset poisoning via middleware Feb 1, 2025
Offline password cracking Jan 29, 2025
Brute-forcing a stay-logged-in cookie Jan 29, 2025
2FA broken logic Jan 28, 2025
Username enumeration via account lock Jan 27, 2025
Broken brute-force protection, IP block Jan 27, 2025
Username enumeration via response timing Jan 27, 2025
Username enumeration via subtly different responses Jan 23, 2025
Password reset broken logic Jan 22, 2025
2FA simple bypass Jan 22, 2025
Username enumeration via different responses Jan 22, 2025