Unrestricted Password Recovery Initiation Attempts Abuse
Variants:
Direct
Also Known As:
Unlimited Password Recovery Initiation
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Password Recovery, Anti-Automation
Invented In:
01/01/1999
Added In:
23/12/2014
Vector Operation Method:
Attackers could abuse recovery mechanisms that do not restrict the number of attempts per timeframe, eventually recovering or changing user credentials through a brute-force attack.
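The attempt-per-timeframe restriction whose absence this vector depends on, as an added example that is not part of the original entry: a sliding-window limiter that caps recovery initiations per target account and per client source. The class, function and parameter names, the limits, and the in-memory store are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class RecoveryInitiationLimiter:
    """Sliding-window cap on password recovery initiations (illustrative)."""

    def __init__(self, per_account, per_source, window_seconds,
                 clock=time.monotonic):
        self.limits = {"account": per_account, "source": per_source}
        self.window = window_seconds
        self.clock = clock
        # In-memory store (assumption); a multi-node deployment would need
        # a shared store with key expiry instead.
        self._events = defaultdict(deque)

    def _recent(self, kind, value, now):
        """Return the attempt queue for a key, with expired entries dropped."""
        q = self._events[(kind, value)]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def allow(self, account, source):
        """True if this initiation is within both the account and source caps."""
        now = self.clock()
        # Normalise the account so case/whitespace variants share one budget.
        checks = [
            ("account", self._recent("account", account.strip().lower(), now)),
            ("source", self._recent("source", source, now)),
        ]
        if any(len(q) >= self.limits[kind] for kind, q in checks):
            return False
        # Record the attempt against both keys only when it is accepted.
        for _, q in checks:
            q.append(now)
        return True


def initiate_recovery(limiter, account, source, send_token):
    """Hypothetical handler: issue a recovery token only inside the limits."""
    if not limiter.allow(account, source):
        return False
    send_token(account)
    return True
```

Keying on the account as well as the source keeps the cap in place when requests for one account arrive from many sources.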