

1 Web App Hacking Password Reset Functionality m1 Slides

This document summarizes common attacks against password reset functionality on web applications, including leakage of password reset links, insecure direct object references, insecure session management, weaknesses in the lifecycle of password reset links, and user enumeration. It describes common implementations of password reset such as password reset links sent via email, generating new passwords, and secret question and answer authentication. The document warns that password reset is a very sensitive operation that can enable account takeover if not implemented securely.

Uploaded by

sebyh

Web App Hacking:

Hacking Password Reset Functionality


INTRODUCTION

Dawid Czagan

SECURITY INSTRUCTOR

@dawidczagan

Overview
Password reset functionality
Implementations
Attacks

Password Reset Functionality
Very sensitive operation
Account takeover

Implementations
Password reset link
Generating new password
Secret question and answer

Password Reset Link
https://example.com/reset.php?token=38d527c93b748a2
https://example.com/reset.php?userID=3451&token=38d527c93b748a2
Sent to user's email address
Valid for a short period of time

Generating New Password
Password sent in plaintext
Insecurely stored for a long time
Malware

Secret Question and Answer
What's the name of your first school?
What's your mother's maiden name?
Answers are not secret
Social media

Attacks
1. Leakage of Password Reset Link
2. Insecure Direct Object Reference
3. Insecure Session Management
4. Weaknesses in Lifecycle of Password Reset Link
5. User Enumeration
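
The reset-link slide (short validity, the userID and token URL form) and attacks 2 and 4 above, shown from the server side as an added example that is not part of the original slides: the token is random, stored only as a hash, expires, works once, and is bound to the account it was issued for regardless of the userID in the URL. The class name, the 15-minute lifetime and the in-memory store are assumptions, and Python is used here although the sample URLs point at reset.php.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: the slides only say "a short period of time"


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a table of pending password resets."""

    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be tested
        self._pending = {}     # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        """Create the token that goes into the emailed link."""
        # A new request invalidates any older link for the same account.
        self._pending = {d: r for d, r in self._pending.items() if r[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token, claimed_user_id=None):
        """Return the account the token was issued for, or None if rejected."""
        record = self._pending.pop(self._digest(token), None)  # single use
        if record is None:
            return None
        user_id, expires_at = record
        if self._now() > expires_at:
            return None
        # The userID from the URL is never the authority: a mismatch fails closed.
        if claimed_user_id is not None and claimed_user_id != user_id:
            return None
        return user_id


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue(3451)  # 3451 is the userID shown in the slide's sample URL
    print(store.redeem(token, claimed_user_id=9999))  # mismatched userID
    print(store.redeem(token))                        # token already consumed
```

The password change itself should be applied to the user id that `redeem` returns, never to the one supplied in the request.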
