BroncoCTF Challenge Exposes Client-Side Auth Flaw Allowing Full Login Bypass
A BroncoCTF web challenge called 'Super Secure Server' featured a login page that performed all credential verification inside the browser rather than on the server. The site's JavaScript fetched plaintext credentials from an unauthenticated /api/config endpoint, making the username and password visible to anyone. Authentication was determined solely by whether the client sent a JSON payload of {"authenticated": true} to the /login endpoint, which the server accepted without any independent verification. A solver bypassed the login entirely by posting that payload directly, without ever supplying valid credentials, and retrieved the flag. The challenge highlights three critical flaws: exposed credentials, client-side authentication logic, and unconditional server trust in a client-asserted boolean.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in