1. Web Security Academy
  2. Authentication vulnerabilities
  3. Other mechanisms
  4. Lab

Lab: Password brute-force via password change


This lab's password change functionality makes it vulnerable to brute-force attacks. To solve the lab, use the list of candidate passwords to brute-force Carlos's account and access his "My account" page.

Find vulnerabilities in your authentication using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here