In this article we explain what a weak randomness vulnerability is and how it can be found in a website.

You may not have heard of the weak randomness vulnerability before, but it is a bug that can earn you a bounty if you find it in a website, so you should know about it.

The best part of the weak randomness vulnerability is that it is very easy to find: even a beginner can find this bug and claim a bounty for it. All of this is explained for educational purposes.

Note – This article is only for educational purposes. Don't misuse your knowledge and skills.


First, what a weak randomness vulnerability is: as the name suggests, it concerns values that a website is supposed to generate randomly but does not. It is also called an insecure randomness bug.

For example, if a website generates some kind of ID or token and you can work out how that token is being generated (that is, it is not really random), that is the bug.

The image shows ten numbers; looking at them, you can see that the last digits increase from one number to the next. If you find this in a website, you have found a weak randomness vulnerability.

Let us understand the weak randomness vulnerability with an example. Suppose a website generates an access token in such a way that each new token is larger than the previous one and never smaller.

A bug hunter then understands that the website generates each token by incrementing the previous one, and in that case the weak randomness vulnerability can be exploited by brute-forcing the token with Burp Suite's Intruder.

It is not only randomly generated tokens that count as weak randomness. If a session ID is found to increment every time, that is also this bug.
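To make the flaw concrete, here is an added example (not code from the original article or from the lab it describes) with a token generator that behaves exactly as described above, a counter that only ever goes up, together with a small audit check a defender can run over a sample of tokens issued by a site. The class and function names are assumptions for the illustration; the sample tokens are constructed.

```python
import secrets


class IncrementingTokenGenerator:
    """Constructed example of the flaw: each token is the previous one plus a
    fixed step, so every token is predictable from the one before it."""

    def __init__(self, start=1000, step=1):
        self._next = start
        self._step = step

    def generate(self):
        token = self._next
        self._next += self._step
        return token


def issue_tokens(generator, n):
    """Imitate a site handing out n tokens over time (e.g. reset tokens)."""
    return [generator.generate() for _ in range(n)]


def _to_int(token):
    """Accept ints, decimal strings or hex strings so real captured tokens can be audited."""
    if isinstance(token, int):
        return token
    text = str(token).strip()
    try:
        return int(text, 10)
    except ValueError:
        return int(text, 16)


def find_counter_step(tokens):
    """Audit heuristic: if every consecutive pair of tokens differs by the same
    positive amount, return that step (the tokens are a counter); otherwise None.
    Tokens from a CSPRNG will essentially never satisfy this."""
    values = [_to_int(t) for t in tokens]
    if len(values) < 3:
        return None
    deltas = {b - a for a, b in zip(values, values[1:])}
    if len(deltas) == 1:
        step = deltas.pop()
        if step > 0:
            return step
    return None


def is_weakly_random(tokens):
    """True when the sample looks like the incrementing pattern from the article."""
    return find_counter_step(tokens) is not None


if __name__ == "__main__":
    weak = issue_tokens(IncrementingTokenGenerator(start=1000), 10)
    strong = [secrets.randbits(128) for _ in range(10)]
    print("weak sample:", weak, "->", is_weakly_random(weak))
    print("strong sample ->", is_weakly_random(strong))
```

The audit only needs a handful of tokens: run `find_counter_step` over, say, ten consecutive values observed from the feature under test, and a non-`None` result means the tokens are a counter rather than random values.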

If the weak randomness vulnerability is still not clear, a practical walkthrough is shown below in which you will see how this bug can be found in a website.


Now let us see how the weak randomness vulnerability is found in a website. We show this by solving a lab, but before going practical you should understand it theoretically.



First, open the lab; a link to this lab is given here. You should solve the lab yourself so that you understand how the weak randomness vulnerability works in a website.


You will be given a URL, which you open as shown in the image. In real-world testing, this bug is found by visiting similar websites.


Next, use the forgot password function, just as you would for an account on any website. As explained above, the weak randomness vulnerability is not limited to access tokens; here the session ID is also involved.

After that, reset the password. Below the reset password form you will see a graph, and you can see that the numbers in the graph only ever increase and never decrease.

The image shown earlier, with the ten numbers, was taken from this graph to explain how the weak randomness vulnerability works.

Finally, you are asked to analyze the code. There it is explained that if you want to make sure this bug is not present in your own website, the token generation has to be coded in a secure way.
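The lab's own fixed code is not reproduced on this page, so here is an added example (not the lab's or the article's code) of how a password reset token should be generated and checked: the token comes from the operating system's CSPRNG via `secrets`, only its hash is stored, it expires, it is single-use, and the comparison is constant-time. The store, function names and the 15-minute lifetime are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_BYTES = 32              # 256 bits of entropy from the OS CSPRNG
TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset token

# Constructed in-memory store: user -> (sha256(token), expiry timestamp).
# Only the hash is kept, so a leaked database does not expose live tokens.
_reset_store = {}


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_reset_token(user: str, now: float = None) -> str:
    """Generate an unpredictable reset token for `user` and record its hash.
    Unlike a counter, consecutive tokens share no relationship."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(TOKEN_BYTES)
    _reset_store[user] = (_hash_token(token), now + TOKEN_TTL_SECONDS)
    return token


def verify_reset_token(user: str, presented: str, now: float = None) -> bool:
    """Accept a presented token only if it matches the stored hash and is unexpired.
    The comparison is constant-time and a token is consumed once accepted."""
    now = time.time() if now is None else now
    entry = _reset_store.get(user)
    if entry is None:
        return False
    stored_hash, expires_at = entry
    if now > expires_at:
        del _reset_store[user]          # expired tokens are discarded
        return False
    if not hmac.compare_digest(stored_hash, _hash_token(presented)):
        return False
    del _reset_store[user]              # single use
    return True


if __name__ == "__main__":
    token = create_reset_token("alice")
    print("issued:", token)
    print("wrong token accepted?", verify_reset_token("alice", "guess"))
    print("real token accepted?", verify_reset_token("alice", token))
    print("reused token accepted?", verify_reset_token("alice", token))
```

The point relative to the graph in the lab is the first line of `create_reset_token`: `secrets.token_urlsafe` draws from the OS random source, so plotting successive tokens shows no trend at all, and the remaining checks limit the damage even if a token is somehow leaked.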

The Conclusion

I hope you now understand the weak randomness vulnerability; here we have covered this bug both in theory and in practice, and you should also solve the lab yourself.

Once you have solved the lab in the way described here, you can look for this bug in real websites, and if you find it you can report it in the same way.

One more thing about bug hunting: the more you know about it, the more you will discover, because many bugs have been found that are rarely talked about.

So if you want to become a bug hunter, stay updated and read other hunters' reports of the bugs they found, because very often a bug is found first in one website and later in another.

If you know about the bugs that have already been found, it is easier for you to find them in other websites, so keep yourself updated in this field and follow other bug hunters.

If you liked this article on the weak randomness vulnerability and learned something new, please share it; there are many other bug hunting articles here that you can also read.
