Weak Recovery Answer Enumeration
Variants:
Direct
Also Known As:
Unrestricted Recovery Question Answer Attempts Abuse
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Password Recovery
Invented In:
01/01/1999
Added In:
23/12/2014
Vector Operation Method:
A trivial collection of recovery questions, limited sized answers or over informative hints can be abused by attackers to initialize or recover user account passwords.
