Cybersecurity: What is Weak Password Recovery?

Definition

Weak Password Recovery is a security vulnerability in which the function for recovering a forgotten password is poorly implemented, allowing attackers to guess the password or gain access through brute-force attacks.

Vulnerability Points

  • Password reset pages

Vulnerability Testing Methods

  • Verify if the password is exposed during the password reset process.

  • Check whether a password sent to a phone number or email address is still delivered when that phone number or address has been tampered with.

Attack Methods

Attack Scenario

  1. The attacker exploits the feature provided for users to recover forgotten passwords.

  2. Exploiting weak security procedures or vulnerable reset links/tokens, the attacker bypasses the password reset process or sets an arbitrary password.

  3. The attacker gains access to the user's account through guessing or brute-force attacks.

Occurrence Process

Detailed Explanation

  1. The user requests a password recovery from the application.

  2. The application provides a reset link or token to the user.

  3. The user completes the reset procedure and changes the password.

  4. The attacker requests password recovery, exploiting the weak security procedures.

  5. The application accepts the attacker's request and permits the password reset.

Countermeasures

  • Implement robust password reset procedures. Verify email addresses and require additional trustworthy authentication steps.

  • Limit the validity period of temporary passwords and require the user to set a new password.

  • Strengthen security questions and answers. Avoid using weak security questions and ensure answers are not easily predictable.

  • Implement email verification securely: verify ownership of the email address or use additional authentication methods.
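As an added example (not code from the original article), a minimal reset-token flow in Python that applies the countermeasures above: an unguessable, single-use token with a limited validity period, stored only as a hash, and delivered to the address on file rather than to one supplied in the request. The in-memory ACCOUNTS and RESET_TOKENS stores and the 15-minute TTL are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from typing import Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60  # assumed validity window; the article only says to limit it

# Constructed in-memory stores standing in for the application's database.
ACCOUNTS = {"alice": {"email": "alice@example.com", "password_hash": None}}
RESET_TOKENS = {}  # sha256(token) -> {"user": ..., "expires": ..., "used": ...}


def _hash_token(token: str) -> str:
    # Store only a hash of the token so a leaked table does not yield live reset tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(username: str, now: Optional[float] = None) -> Optional[Tuple[str, str]]:
    """Issue a single-use, time-limited reset token for an existing account.

    Returns (delivery_address, token). The address comes from the account on
    file, never from the request, so a tampered email/phone field cannot
    redirect the token to an attacker-controlled destination.
    """
    now = time.time() if now is None else now
    account = ACCOUNTS.get(username)
    if account is None:
        return None  # the HTTP layer should still answer identically to avoid username enumeration
    token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output: not guessable by brute force
    RESET_TOKENS[_hash_token(token)] = {
        "user": username,
        "expires": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return account["email"], token


def complete_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    """Consume a token and set the new password; rejects unknown, expired or replayed tokens."""
    now = time.time() if now is None else now
    record = RESET_TOKENS.get(_hash_token(token))
    if record is None or record["used"] or now > record["expires"]:
        return False
    record["used"] = True  # single use: the same link cannot be replayed
    # Placeholder hashing for the demo; a real deployment uses a password hash such as argon2 or bcrypt.
    ACCOUNTS[record["user"]]["password_hash"] = hashlib.sha256(new_password.encode()).hexdigest()
    return True
```

A deployed version would also rate-limit request_reset and invalidate any earlier outstanding token for the same user when a new one is issued.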
