Broken Authentication involves all kinds of flaws that are caused by errors in implementation of authentication and/or session management. Due to the wide range of different vulnerabilities, it is difficult to define its general properties. The category includes everything from login lacking timeout, meaning that users who forget to logout on a public computer can get hijacked, to more technical vulnerabilities such as session fixation.