Lab 03 Security Misconfiguration - Muamaidbengt/juice-shop GitHub Wiki

Security Misconfiguration

Challenge "Provoke an error that is not very gracefully handled"

Attempt to log in with an incorrectly formatted email address

  1. Go to the login form.
  2. Enter ' as the email.
  3. Enter any password.
  4. Attempt to log in.
  5. Notice the error message.

Questions

  • What did the error message tell you?
    • If you have time, see if you can provoke error messages in other places in the Juice Shop, or with different input, to see what information you may obtain from the error messages.
  • What is the risk to the Juice Shop in this scenario?
  • What is the risk to a general web app in this type of scenario?
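
For the general web app question above, the following added example (not part of the original lab and not Juice Shop's own code) contrasts an error handler that echoes internal detail to the client with one that logs the detail server-side and returns a generic body. The `/login` path, the error text and the stub request/response objects are constructed assumptions, and the handlers follow the Express error-middleware signature without requiring Express to be installed.

```javascript
const crypto = require('crypto');

// Misconfigured: echoes the internal error (message, stack) to the client.
function verboseErrorHandler(err, req, res, next) {
  res.status(500).json({ error: { message: err.message, stack: err.stack } });
}

// Hardened: detail goes to the server log; the client gets a generic body
// plus a correlation id that can be looked up in that log.
function makeGracefulErrorHandler(log) {
  return function gracefulErrorHandler(err, req, res, next) {
    const incidentId = crypto.randomUUID();
    // Log the path and error only, never req.body (it holds credentials).
    log({ incidentId, path: req.path, message: err.message, stack: err.stack });
    // Pass through only a 4xx status the application set deliberately.
    const status = err.status >= 400 && err.status < 500 ? err.status : 500;
    const message = status === 500
      ? 'Internal server error'
      : 'Request could not be processed';
    res.status(status).json({ error: { message, incidentId } });
  };
}

// Minimal stand-in for an Express response (constructed for this example).
function stubResponse() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Constructed failure: a hypothetical backend error raised while handling
// a login request whose email field was a single quote, as in the lab steps.
function simulateLoginFailure(handler) {
  const err = new Error('constructed backend failure in /srv/app/routes/login.js');
  const req = { path: '/login', body: { email: "'", password: 'x' } };
  const res = stubResponse();
  handler(err, req, res, () => {});
  return res;
}

const serverLog = [];
const leaky = simulateLoginFailure(verboseErrorHandler);
const safe = simulateLoginFailure(makeGracefulErrorHandler((e) => serverLog.push(e)));
console.log('verbose :', leaky.statusCode, Object.keys(leaky.body.error));
console.log('graceful:', safe.statusCode, safe.body.error.message);
```
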

Recommended reading