Authentication Failures (Insecure)

Login Page (Plaintext Auth)

This login form accepts any valid username and plaintext password stored in the database.

Try guessing credentials or using brute force to discover hidden users.

This is an intentionally insecure login system designed to simulate how **authentication failures** can be exploited in the real world.

🔓 Passwords are stored in plaintext within the database — no encryption, no hashing.
🧠 Your goal is to guess valid login credentials by trying different username/password combinations — like a brute-force game.
💡 If you discover a valid login that hasn’t been found before, the system will congratulate you and mark it as "found."
🔁 If you attempt a login that’s already been found, the system will let you know it’s no longer a new discovery.
📦 All credential data is pulled from the auth_users table in the database, including a flag called user_found to track discoveries.

Example of a Found User:

🧪 Try out different combos and see how many hidden users you can uncover!