Troubleshooting: Login failed in target authentication with a login form

Learn how to troubleshoot issues in target authentication with a login form.

Written by Jaime Vasconcelos
Updated over a week ago

In targets with authentication, Probely scans must log in to reach the areas reserved for authenticated users and scan them for vulnerabilities.

The problem

When running scans on a target with a login form, Probely fails to log in.

Troubleshoot the problem

To troubleshoot this problem, go through the following steps to identify the possible causes and respective solutions to fix it.

Step 1: Test the current credentials

Test if the current credentials configured in the target settings are still valid, as follows:

  1. In the Probely app, go to the TARGETS tab.

  2. Identify the target in the list and click on the cogwheel to open its settings.

  3. In the AUTHENTICATION tab, check the LOGIN FORM configuration, get the URL of the login form, and the current login credentials.

  4. Open a browser and type the target’s login URL.

  5. Log in with the current credentials.

If the login fails, check the following possible causes and apply the respective solution:

Cause: The credentials are invalid.
Solution: Obtain valid login credentials and update them in the target settings.

Cause: The credentials expired.
Solution: Obtain new login credentials and update them in the target settings.

Step 2: Test the login flow

Test if the login flow is still a login form, as follows:

  1. Open a browser and type the target’s login URL.

If the login is not a login form, the target authentication fails.

Check the following possible causes and apply the respective solution:

Cause: The login flow is not a login form but a complex login (e.g., multi-step login).
Solution: Configure the target authentication to use a login sequence, which supports complex logins.

Step 3: Check the field names

Check the values configured in the field names in the target authentication with a login form, as follows:

  1. In the Probely app, go to the TARGETS tab.

  2. Identify the target in the list and click on the cogwheel to open its settings.

  3. In the AUTHENTICATION tab, go to the LOGIN FORM configuration to see the configured field names (typically, one for the username and another for the password).

  4. Open a browser and type the target’s login URL.

  5. Right-click and select Inspect to see the attributes of the input fields on the login form.

  6. In the LOGIN FORM configuration, check if the values set in the field names for the input fields contain a valid “id”, “name”, or CSS selector from the login form.

If the values configured in the field names are not valid, Probely scans cannot authenticate.

Check the following possible causes, and apply the respective solution:

Cause: The value configured in a field name does not contain a valid “id”, “name”, or CSS selector that identifies that input field in the login form.
Solution: Go to the target authentication settings and set the value of the field name with the “id”, “name”, or CSS selector that uniquely identifies that input field in the login form.
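The check in step 6 can also be run offline against the saved source of the login page. The following is an added example, not Probely's code: it assumes matching on the “id” or “name” attribute only (CSS selectors are not evaluated), and the sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample login page (not from any real target). The page also
# carries a newsletter form that reuses name="email".
SAMPLE_LOGIN_HTML = """
<form action="/newsletter"><input type="email" name="email"></form>
<form id="login" action="/session" method="post">
  <input type="email" id="login-email" name="email">
  <input type="password" id="login-pass" name="passwd">
  <button type="submit">Sign in</button>
</form>
"""

class InputCollector(HTMLParser):
    """Collects the attributes of every <input> element on the page."""
    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))

def check_field_name(html, configured):
    """Classify a configured field name against the page's id/name attributes.

    Returns "ok" (exactly one input matches), "missing" (none match) or
    "ambiguous" (several match, so the value does not identify one field).
    """
    collector = InputCollector()
    collector.feed(html)
    matches = [i for i in collector.inputs
               if configured in (i.get("id"), i.get("name"))]
    if not matches:
        return "missing"
    return "ok" if len(matches) == 1 else "ambiguous"

def audit(html, fields):
    """Map each configured field name to its check result."""
    return {value: check_field_name(html, value) for value in fields}

if __name__ == "__main__":
    configured = ["login-email", "email", "password", "passwd"]
    for value, result in audit(SAMPLE_LOGIN_HTML, configured).items():
        print(f"{value!r}: {result}")
```

This only sees inputs present in the static HTML. If the login form is rendered by JavaScript, inspect the live page in the browser as described in step 5.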

Step 4: Test for a blocking WAF

Test if there is a WAF blocking access to the authentication page with the login form as follows:

  1. Open a browser in incognito mode and type the target’s URL.

  2. Go to the authentication page with the login form.

If a WAF blocks access to the authentication page with the login form, Probely scans cannot authenticate.

Check the following possible causes and apply the respective solution:

Cause: A WAF is blocking access to the authentication page with the login form.
Solution: Add Probely’s IPs to the WAF’s whitelist.

After following these steps, identifying the causes, and applying the respective solutions, scans should be able to log in to your target.
