1. Web Security Academy
  2. Authentication
  3. Password-based
  4. Lab

Lab: Broken brute-force protection, multiple credentials per request

EXPERT

This lab is vulnerable due to a logic flaw in its brute-force protection. To solve the lab, brute-force Carlos's password, then access his "My account" page.