Authentication failures occur when an application does not correctly verify a user's identity. They include weak passwords, credential stuffing, brute-force attacks, poor session management, and missing or bypassable MFA.
Automated password guessing attacks
Using leaked credentials from breaches
Common or easily guessable passwords
Stealing or fixating session tokens
Circumventing multi-factor authentication
Weak reset mechanisms
Built by an OWASP Member • Part of the OWASP Web Security Lab Series