# Broken Authentication

## Login Page Bypass using X-Forwarded-For

We can sometimes bypass Login Pages and Authentication Mechanisms using X-Forwarded-For Header

Below when i entered the credentials i got **Invalid Credentials** Error

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2F1GfywyzmVEym9l1Yt290%2Fimage.png?alt=media&#x26;token=75bf864b-013f-4d0d-acf2-8f9c27b96786" alt=""><figcaption></figcaption></figure>

Now i will add the **X-Forwarded-For Header** and it will bypass it

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FNb4DtzFdqIljwdiPm1ux%2Fimage.png?alt=media&#x26;token=bf2a40a0-5139-43a4-a82d-c68699964c4b" alt=""><figcaption></figcaption></figure>