Predictable Password Recovery Initiation Challenge
Variants:
Direct
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Password Recovery, Anti-Automation
Invented In:
01/01/1999
Added In:
23/12/2014
Vector Operation Method:
Attackers could abuse password recovery mechanisms that create a predictable recovery token or recovery initiation challenges, by bruteforcing the token created for other user accounts instead of gaining legitimate access to it.
