What Dual Credentials Are For

Dual credential mode lets a red-team assessment use two stored accounts for the same target. This helps MindFort test whether one authenticated user can access data or actions that should belong to another user. Use dual credentials when you want coverage for:
  • IDOR and broken object-level authorization
  • role bypass and privilege boundary issues
  • cross-user data access
  • tenant or account isolation problems

Before You Start

Add at least two stored credentials to the target. The credentials should represent the access boundary you want tested, such as two standard users, a standard user and an admin, or users from different accounts or tenants. For credential setup details, see Authentication & Credentials.

Run With Dual Credentials

1. Open New Assessment
   Start a new assessment and select the target you want to test.

2. Enable dual credential mode
   In Credentials, turn on Dual credential mode. This option is available after the target has at least two stored credentials.

3. Select two accounts
   Choose the primary credential and the secondary credential. MindFort uses both accounts to compare what each user can access.

4. Start or schedule the assessment
   Run the assessment immediately or configure a recurring schedule. Scheduled assessments keep the selected primary and secondary credentials.

Choosing Credential Pairs

Choose accounts that make authorization failures easy to detect:
  • Two regular users with separate data sets
  • A low-privilege user and a higher-privilege user
  • Users from different organizations, workspaces, or tenants
  • Accounts with intentionally different feature access
Avoid using personal or production admin accounts. Dedicated test accounts give the clearest results and reduce risk.
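
The sketch below shows, for application owners, the kind of object-level authorization gap a two-account comparison surfaces and the server-side check that closes it. It is an added example, not MindFort's code or API; the accounts, invoices, and handler names are constructed for illustration.

```python
# Constructed sample data: two tenants, one invoice per account.
ACCOUNTS = {"alice": "acme", "bob": "globex"}          # user -> tenant
INVOICES = {
    101: {"owner": "alice", "tenant": "acme", "total": 1200},
    202: {"owner": "bob", "tenant": "globex", "total": 870},
}

def get_invoice_vulnerable(user, invoice_id):
    """Checks authentication only: any logged-in user can read any invoice."""
    if user not in ACCOUNTS:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    return (200, invoice) if invoice else (404, None)

def get_invoice_hardened(user, invoice_id):
    """Adds the object-level check: owner and tenant must match the caller."""
    if user not in ACCOUNTS:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    # Same 404 for "missing" and "not yours", so the response does not
    # reveal which ids exist in another tenant.
    if (invoice is None or invoice["owner"] != user
            or invoice["tenant"] != ACCOUNTS[user]):
        return 404, None
    return 200, invoice

def cross_account_findings(handler, primary, secondary):
    """Request each account's objects as the other account; list what leaks."""
    findings = []
    for requester, owner in ((primary, secondary), (secondary, primary)):
        for invoice_id, invoice in INVOICES.items():
            if invoice["owner"] != owner:
                continue
            status, body = handler(requester, invoice_id)
            if status == 200 and body is not None:
                findings.append((requester, owner, invoice_id))
    return findings

def owners_keep_access(handler):
    """Positive control: a fix must not lock owners out of their own data."""
    return all(handler(inv["owner"], iid)[0] == 200
               for iid, inv in INVOICES.items())

if __name__ == "__main__":
    for handler in (get_invoice_vulnerable, get_invoice_hardened):
        print(handler.__name__,
              cross_account_findings(handler, "alice", "bob"),
              owners_keep_access(handler))
```

Because each test account owns a distinct object, any 200 response in the cross-account direction is an unambiguous finding, which is why dedicated accounts with separate data sets give the clearest results.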