CAPEC-50: Password Recovery Exploitation

An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.
Extended Description

Most of them use only one security question. For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.

Severity :


Possibility :


Type :


This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The system allows users to recover their passwords and gain access back into the system.
  • Password recovery mechanism has been designed or implemented insecurely.
  • Password recovery mechanism relies only on something the user knows and not something the user has.
  • No third party intervention is required to use the password recovery mechanism.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low Brute force attack
  • Medium Social engineering and more sophisticated technical attacks.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

For a brute force attack one would need a machine with sufficient CPU, RAM and HD.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit for more details.