Definition
Weak Password Recovery is a vulnerability in which the function for recovering a forgotten password is implemented so poorly that an attacker can guess or brute-force the recovery secret (temporary password, reset code, or reset token), or redirect where it is delivered, and take over the account.
Vulnerability Points
- Password reset pages
Vulnerability Testing Methods
- Verify whether the password, temporary password, or reset token is exposed during the reset process (for example, echoed in a response body, placed in a URL, or leaked through the Referer header).
- Check whether the delivery destination (phone number or e-mail address) can be tampered with in the reset request so that the password or code is still delivered, but to an address the attacker controls.
Attack Methods
Attack Scenario
- The attacker abuses the feature provided for users to recover forgotten passwords.
- Using weak recovery procedures or guessable, reusable, or non-expiring reset links/tokens, the attacker bypasses the intended reset process or sets an arbitrary password on the victim's account.
- The attacker gains access to the user's account by guessing the recovery secret or by brute-forcing it when the application imposes no attempt limit.
Occurrence Process
Detailed Explanation
- Normal flow: the user requests password recovery from the application.
- The application sends a reset link or token to the user's registered contact address.
- The user completes the reset procedure and changes the password.
- Exploitation: the attacker requests password recovery for the victim's account and exploits the weak procedure (a short or predictable code, no expiry, no attempt limit, or an attacker-chosen delivery address).
- The application accepts the attacker's request and permits the reset, so the attacker sets a password of their choosing.
Countermeasures
- Implement a robust password reset procedure. Confirm that the requester controls the registered e-mail address or phone number, and require an additional trustworthy authentication step before the password can be changed.
- Make temporary passwords and reset tokens long and unpredictable, single use, and short-lived; limit the number of confirmation attempts; and force the user to set a new password on first use.
- Strengthen security questions and answers. Avoid questions whose answers are public or easily guessed, and do not rely on them as the sole recovery factor.
- Implement e-mail verification securely. Send the reset link only to the address stored with the account, never to one supplied in the request, and verify ownership of that address before accepting it as a recovery channel.
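To show both the attack scenario above and the countermeasures concretely, here is an added example (not code from the original post) that implements a deliberately weak recovery flow beside a hardened one and brute-forces the weak one. Everything in it is constructed for illustration: the in-memory USERS table, the class and function names, the 4-digit code format, the 15-minute validity period, and the 5-attempt cap are assumptions, not values taken from any real application.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory "database" for the example; the stored e-mail is the
# only trustworthy delivery destination for a reset.
USERS = {
    "alice": {"email": "alice@example.com", "password": "old-password"},
}


class WeakReset:
    """Deliberately weak recovery flow (the pattern the post warns about):
    a 4-digit code, stored in clear, never expiring, unlimited attempts,
    and a delivery address taken from the request."""

    def __init__(self):
        self.codes = {}

    def request(self, username, email_from_request):
        code = f"{secrets.randbelow(10_000):04d}"
        self.codes[username] = code
        # Vulnerable: the requester chooses where the code is delivered.
        return {"to": email_from_request, "code": code}

    def confirm(self, username, code, new_password):
        if self.codes.get(username) == code:
            USERS[username]["password"] = new_password
            return True
        return False


def brute_force_weak(flow, username):
    """Try every 4-digit code; the weak flow neither expires the code nor
    locks the account, so at most 10,000 requests recover it."""
    for guess in range(10_000):
        if flow.confirm(username, f"{guess:04d}", "attacker-pw"):
            return guess
    return None


class HardenedReset:
    """Hardened flow: 256-bit random token, stored only as a hash, bound to
    the account, expiring, single use, attempt-limited, delivered only to
    the stored address."""

    TOKEN_TTL = 15 * 60   # assumed validity window in seconds
    MAX_ATTEMPTS = 5      # assumed cap on confirmation attempts per token

    def __init__(self, now=time.time):
        self.now = now        # injectable clock so expiry can be tested
        self.tokens = {}      # username -> {"hash", "expires", "attempts"}

    def request(self, username):
        # Generate the token before the lookup so the work done is the same
        # whether or not the account exists (limits user enumeration).
        token = secrets.token_urlsafe(32)
        user = USERS.get(username)
        if user is None:
            return None
        self.tokens[username] = {
            "hash": hashlib.sha256(token.encode()).hexdigest(),
            "expires": self.now() + self.TOKEN_TTL,
            "attempts": 0,
        }
        # Delivery address comes from the stored account, never the request.
        return {"to": user["email"], "token": token}

    def confirm(self, username, token, new_password):
        rec = self.tokens.get(username)
        if rec is None:
            return False
        if self.now() > rec["expires"] or rec["attempts"] >= self.MAX_ATTEMPTS:
            del self.tokens[username]          # expired or locked: discard
            return False
        rec["attempts"] += 1
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, rec["hash"]):
            return False
        del self.tokens[username]              # single use
        USERS[username]["password"] = new_password
        return True


if __name__ == "__main__":
    weak = WeakReset()
    issued = weak.request("alice", "attacker@evil.example")
    print("weak flow delivered code to", issued["to"])
    print("weak code recovered by brute force:", brute_force_weak(weak, "alice"))
    strong = HardenedReset()
    issued = strong.request("alice")
    print("hardened flow delivered token to", issued["to"])
```

The weak flow fails every countermeasure listed above at once: the code is short enough to enumerate, it is never invalidated, and the attacker can simply have it mailed to themselves. The hardened flow stores only a hash of the token (a database leak does not yield usable tokens), compares it in constant time, and refuses the token after expiry, after use, or after the attempt cap, so neither guessing nor brute force is practical.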