Overview
Authentication Bypass Vulnerabilities are common flaws in web applications today, but they are not always easy to find.
With the continuous development of technology and the integration of various platforms, traditional authentication methods are gradually decreasing. The new authentication method not only provides convenience for users but also improves security to a higher level. While old ways of logging in users, such as leveraging single sign-on (SSO), are improvements, these techniques can still contain critical vulnerabilities. Whether it is a business logic error or some other flawed configuration, how do you discover these vulnerabilities?
Misconfiguration of the token refresh terminal
In this case, when a user logs into the application with valid credentials, an authentication token is created for authentication. And this authentication token expires after some time. A valid auth token appears in the return packet by endpoint/refresh/tokenlogin sending a request to the server with parameters just before it expires .username