Burp Suite User Forum

Web Security Academy - Password brute-force via password change

Alpgiray | Last updated: Aug 17, 2022 03:30PM UTC

The provided solution doesn't probably work in any case for me. I checked it after solving the lab get inside maybe another approach is possible but that's not possible. The reason I'm telling this is that within the solution it states that we get a 'Current password is incorrect' error message when the password is not correct for the current user. However, in my case the website redirects me to the login page when it's wrong (which is probably a better solution). Therefore, I used a macro in order to log in every time as wiener and then brute-force the password of carlos. Am I missing or doing something wrong, or is the solution really outdated? Thank you already for your reply.

Michelle, PortSwigger Agent | Last updated: Aug 18, 2022 10:58AM UTC

Thanks for your message. The 'Current password is incorrect' message appears if, after logging in successfully and going to the 'My Account' page, you try to change your password and enter the wrong details for your current password and the mismatching details for 'New password' and 'Confirm new password'. I hope that helps. Please let me know if you have any questions.
