"How can we authenticate to the device or how can we get in?"
- When you gain access, this is broken authentication
- Default Credentials
- Weak Credentials
- Admin Admin?
It is important to understand that these are fundamentally authentication issues in general.
Tips to prevent broken authentication:
- MFA
- Do not use weak credentials
- Rotate user ID's
- Rate limiting or 2captcha to prevent automated, botlike, or brute forcing behavior
You are presented with a login page...
 (4) (2).png)
Perform some username enumeration based on attempted login errors.
If you provide a valid email, does it change the behavior of the site?
Look at all of the features!
Be sure to capture all requests with Burp!