Description
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak: for example, it relies on guessable security questions, does not throttle or lock out repeated wrong answers, lets the requester choose where the reset is delivered, or reveals the original password instead of issuing a new one.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: High
Related Weaknesses
Consequences
Access Control: Gain Privileges or Assume Identity
An attacker could gain unauthorized access to the system by using the recovery mechanism to retrieve or reset a legitimate user's authentication credentials.
Availability: DoS: Resource Consumption (Other)
An attacker could deny service to legitimate users by running a brute-force attack against the password recovery mechanism with the user IDs of legitimate users, for example triggering lockouts or repeated resets against accounts the attacker does not own.
Integrity, Other: Other
The system’s security functionality is turned against the system by the attacker.
Potential Mitigations
Phase: Architecture and Design
Description:
Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Phase: Architecture and Design
Description:
Do not use the standard, easily researched security questions (mother's maiden name, first pet, and the like); prefer questions whose answers are not publicly discoverable, and require several of them rather than one.
Phase: Architecture and Design
Description:
Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Phase: Architecture and Design
Description:
Require that the user correctly answers the security question before the password is reset and the new (temporary) password is sent to the e-mail address of record.
Phase: Architecture and Design
Description:
Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Phase: Architecture and Design
Description:
Assign a new temporary password rather than revealing the original password.
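The mitigations above fit together as one recovery flow: filter the username, challenge with a security question, throttle and lock after a small number of wrong answers, and then mint a fresh temporary password delivered only to the address of record. The following is an added example, not code from the CWE entry or from any product; it assumes an in-memory user store and mail queue (constructed stand-ins for a database and an SMTP client), PBKDF2 for hashing answers and temporary passwords, a lockout threshold of three wrong answers and a fifteen-minute lifetime for the temporary password. A short `weak_recover` is included beside it to show the pattern the CWE describes.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Assumed policy values (not from the CWE text).
MAX_FAILED_ANSWERS = 3          # lock recovery after this many wrong answers
TEMP_PASSWORD_TTL = 15 * 60     # seconds a temporary password stays valid
USERNAME_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789._-")


def _kdf(secret: bytes, salt: bytes) -> bytes:
    """Hash a secret with a per-record salt (PBKDF2-HMAC-SHA256, assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


def _normalize_answer(answer: str) -> bytes:
    """Trim, collapse whitespace and lower-case so 'Rex ' and 'rex' match."""
    return " ".join(answer.lower().split()).encode()


@dataclass
class Account:
    username: str
    email_of_record: str            # the only address recovery mail is ever sent to
    question: str
    answer_salt: bytes
    answer_hash: bytes
    failed_answers: int = 0
    recovery_locked: bool = False
    temp_salt: Optional[bytes] = None
    temp_hash: Optional[bytes] = None
    temp_expires: float = 0.0


USERS: dict[str, Account] = {}           # constructed in-memory store
sent_mail: list[tuple[str, str]] = []    # constructed mail queue: (recipient, temp password)
PLAINTEXT_PASSWORDS: dict[str, str] = {} # constructed: what a weak design keeps around


def register(username: str, email: str, question: str, answer: str) -> Account:
    salt = secrets.token_bytes(16)
    acct = Account(username, email, question, salt, _kdf(_normalize_answer(answer), salt))
    USERS[username] = acct
    return acct


def valid_username(username: str) -> bool:
    """Input filter for the recovery form: short, known-safe character set only."""
    return 1 <= len(username) <= 64 and set(username) <= USERNAME_CHARS


def weak_recover(username: str, email_from_request: str) -> str:
    """The pattern the CWE describes: no challenge, no throttling, the requester
    picks the delivery address, and the original password is revealed."""
    sent_mail.append((email_from_request, PLAINTEXT_PASSWORDS[username]))
    return "sent"


def recover(username: str, answer: str, now: Optional[float] = None) -> str:
    """Hardened flow. Returns an internal status; the HTTP layer should map every
    value to the same generic message so the endpoint does not reveal whether
    the username exists."""
    now = time.time() if now is None else now
    if not valid_username(username):
        return "invalid_username"
    acct = USERS.get(username)
    if acct is None:
        return "unknown_user"
    if acct.recovery_locked:
        return "locked"                  # stays locked until reset out of band
    candidate = _kdf(_normalize_answer(answer), acct.answer_salt)
    if not hmac.compare_digest(candidate, acct.answer_hash):
        acct.failed_answers += 1
        if acct.failed_answers >= MAX_FAILED_ANSWERS:
            acct.recovery_locked = True
            return "locked"
        return "incorrect"
    acct.failed_answers = 0
    # Never reveal the old password: mint a random, short-lived, single-use one.
    temp = secrets.token_urlsafe(12)
    acct.temp_salt = secrets.token_bytes(16)
    acct.temp_hash = _kdf(temp.encode(), acct.temp_salt)
    acct.temp_expires = now + TEMP_PASSWORD_TTL
    # Delivery address comes from the record, never from the request.
    sent_mail.append((acct.email_of_record, temp))
    return "sent"


def verify_temp_password(username: str, candidate: str, now: Optional[float] = None) -> bool:
    """Accept the temporary password once, within its lifetime, then discard it."""
    now = time.time() if now is None else now
    acct = USERS.get(username)
    if acct is None or acct.temp_hash is None or now > acct.temp_expires:
        return False
    ok = hmac.compare_digest(_kdf(candidate.encode(), acct.temp_salt), acct.temp_hash)
    if ok:
        acct.temp_hash = acct.temp_salt = None   # single use
    return ok
```

In a real deployment the lockout and failure counter live in the database (or a shared cache) so that the limit cannot be bypassed by spreading guesses across application instances, and the temporary password should force a password change on first login.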
CVE References