Authentication related vulnerabilities are part of OWASP Top 10 2017. They are covered under A2:2017 Broken Authentication. Some of the vulnerabilities listed under this category are as follows:
- The application allows automated attacks such as credential stuffing
- The application allows brute-force attacks
- The application allows users to set default, weak, or well-known passwords
- The application has a weak password recovery process