Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users' identities temporarily or permanently.

| OWASP Top 10 Application Security Risks - 2017 | Reference |
|---|---|
| A2:2017-Broken Authentication | OWASP |

Broken authentication issues occur when it is impossible to identify the user uniquely and incontrovertibly.

Francesco Ongaro