There are lots of times when you need to build some sort of login system that takes a password or a PIN and uses it to log in to a server. It might be obvious to some people, but it is an easy mistake to make: you shouldn’t ask your server application what the correct PIN or password is and then compare it yourself. Instead, you should send the PIN or password to the server and ask whether it is correct.
A good example of this is a cash machine. If someone hacks into the cash machine network, they shouldn’t be able to ask the system for the PIN of a specific card. Instead, to authenticate, the cash machine should send the card number and PIN together and ask whether they match.
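The two designs side by side, as an added example that is not part of the original post. The card number, the PIN and the `InsecureServer` / `Server` classes are constructed for illustration; the "correct" server only ever answers yes or no, stores a salted PBKDF2 hash rather than the PIN itself, compares in constant time, hashes even for unknown cards so the response time does not reveal whether a card exists, and locks a card after a small number of wrong guesses (the attempt limit is an assumption, not something the post specifies).

```python
"""Client-side PIN comparison (the mistake) versus server-side verification.

Constructed example: the card number, PIN and class names are made up
for illustration and are not from the original post.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000          # PBKDF2 work factor; tune for your hardware


def _make_record(pin: str) -> dict:
    """Store a PIN as a salted PBKDF2-HMAC-SHA256 digest, never in clear."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


# Constructed test card: number 4000000000000001 with PIN 1234.
CARDS = {"4000000000000001": _make_record("1234")}

# Dummy record used so unknown cards cost the same as known ones.
_DUMMY = _make_record("0000")


class InsecureServer:
    """Anti-pattern from the post: the server hands out the secret.

    To answer get_pin at all it has to keep PINs in clear, and anyone who
    can reach the endpoint learns every PIN they ask for.
    """

    def __init__(self):
        self._clear_pins = {"4000000000000001": "1234"}  # constructed

    def get_pin(self, card: str) -> str:
        return self._clear_pins[card]


def insecure_client_check(server: InsecureServer, card: str, pin: str) -> bool:
    """The client fetches the real PIN and compares it locally."""
    return server.get_pin(card) == pin


class Server:
    """Recommended pattern: the client sends (card, PIN), gets back yes/no."""

    MAX_ATTEMPTS = 3  # assumption: lock the card after three wrong PINs

    def __init__(self, cards: dict):
        self._cards = cards
        self._failures: dict[str, int] = {}

    def verify(self, card: str, pin: str) -> bool:
        rec = self._cards.get(card)
        # Unknown card: still do the hash so timing does not reveal existence.
        target = rec if rec is not None else _DUMMY
        candidate = hashlib.pbkdf2_hmac(
            "sha256", pin.encode(), target["salt"], ITERATIONS)
        # Constant-time comparison of the digests.
        ok = hmac.compare_digest(candidate, target["digest"])
        if rec is None:
            return False
        if self._failures.get(card, 0) >= self.MAX_ATTEMPTS:
            return False  # locked out: even the right PIN is refused
        if ok:
            self._failures[card] = 0
        else:
            self._failures[card] = self._failures.get(card, 0) + 1
        return ok


if __name__ == "__main__":
    srv = Server(CARDS)
    print(srv.verify("4000000000000001", "1234"))   # True
    print(srv.verify("4000000000000001", "9999"))   # False
```

Note that `verify` is the only thing the network ever exposes: there is no endpoint from which the PIN, or even its hash, can be read back, which is the whole point the post makes.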