Improper Error Handling - Fail Open Authentication Scheme

Goal: 

Authenticate as the user webgoat without supplying a password.

Method:

1. Start Burp Suite and turn on Proxy > Intercept.

2. Enter the username webgoat and any password, then click Login.

3. In the intercepted request, remove the whole password parameter (name and value, e.g. &password=webgoat) rather than just blanking it, and forward the request.

The application logs you in as webgoat without a password: the missing parameter causes an error inside the password check, and the error handler treats that failure as a successful login. The authentication code fails open instead of failing closed.
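The following is an added example written for this walkthrough, not WebGoat's own code. It models the fail-open bug in a few lines of Python beside the fail-closed version, so you can see why deleting the parameter (as opposed to sending it empty) is what gets you in. The parameter names username/password, the credential store and the request bodies are constructed for the demo.

```python
"""Fail-open vs fail-closed login, modelled on the WebGoat lesson.

Illustrative code for this walkthrough, not WebGoat's implementation.
"""
import hmac
from urllib.parse import parse_qs

# Constructed sample credential store (plaintext only to keep the demo short).
USERS = {"webgoat": "webgoat"}


def parse_form(body: str) -> dict:
    """Parse a URL-encoded POST body into single-valued fields.

    keep_blank_values=True means 'password=' yields '' while a removed
    parameter yields no key at all; that difference is the whole lesson.
    """
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def login_fail_open(body: str) -> bool:
    """Vulnerable: an exception in the password check is swallowed and the
    request is treated as authenticated (fails open)."""
    form = parse_form(body)
    user = form.get("username")
    password = form.get("password")  # None when the parameter was removed
    try:
        stored = USERS.get(user)
        # 'password=' compares '' against the stored value and is rejected,
        # but a removed parameter makes password None, so None.strip()
        # raises AttributeError before the comparison runs.
        return stored is not None and stored == password.strip()
    except Exception:
        # Broad catch plus an optimistic return: the handler fails open.
        return True


def login_fail_closed(body: str) -> bool:
    """Hardened: validate inputs first, compare in constant time, and deny
    on any error (fails closed)."""
    form = parse_form(body)
    user = form.get("username")
    password = form.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        return False
    try:
        stored = USERS.get(user)
        return stored is not None and hmac.compare_digest(stored, password)
    except Exception:
        return False


if __name__ == "__main__":
    # Constructed request bodies mirroring the three cases from the walkthrough.
    for body in ("username=webgoat&password=webgoat",
                 "username=webgoat&password=",
                 "username=webgoat"):
        print(f"{body!r:40} open={login_fail_open(body)} "
              f"closed={login_fail_closed(body)}")
```

Only the request with the password parameter deleted outright gets through the vulnerable handler; an empty password is rejected by both, which is why step 3 says to remove the parameter rather than clear it.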
