CAPEC 50 Password Recovery Exploitation

Draft Standard Medium Risk

Severity High

Description

An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.

Attack Execution Flow

Step 1

Explore

Understand the password recovery mechanism and how it works.

Step 2

Exploit

Find a weakness in the password recovery mechanism and exploit it. For instance, a weakness may be that a standard single security question is used with an easy to determine answer.

CAPEC 50 Password Recovery Exploitation

Description

Attack Execution Flow

Step 1

Step 2

Mitigations

E-Mail The Temporary Password To The Registered E-Mail Address Of The User Rather Than Letting The User Reset The Password Online.

Ensure That Your Password Recovery Functionality Is Not Vulnerable To An Injection Style Attack.

Use Multiple Security Questions (E.G. Have Three And Make The User Answer Two Of Them Correctly). Let The User Select Their Own Security Questions Or Provide Them With Choices Of Questions That Are Not Generic.

Consequences

Security Scopes Affected

Potential Impacts

Indicators

Relationships

Parent CAPECs

Resources Required

CAPEC 50 Password Recovery Exploitation

Description

Attack Execution Flow

Step 1

Step 2

Mitigations

E-Mail The Temporary Password To The Registered E-Mail Address Of The User Rather Than Letting The User Reset The Password Online.

Ensure That Your Password Recovery Functionality Is Not Vulnerable To An Injection Style Attack.

Use Multiple Security Questions (E.G. Have Three And Make The User Answer Two Of Them Correctly). Let The User Select Their Own Security Questions Or Provide Them With Choices Of Questions That Are Not Generic.

Consequences

Security Scopes Affected

Potential Impacts

Indicators

Relationships

Parent CAPECs

Resources Required

Iscriviti alla newsletter