CAPEC-50: Password Recovery Exploitation

Description
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.
Extended Description

Most of them use only one security question. For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.

Severity :

High

Possibility :

Medium

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-212: Functionality Misuse Functionality Misuse CAPEC-560: Use of Known Domain Credentials Use of Known Domain Credentials CAPEC-561: Windows Admin Shares with Stolen Credentials Windows Admin Shares with Stolen Credentials CAPEC-600: Credential Stuffing Credential Stuffing CAPEC-653: Use of Known Operating System Credentials Use of Known Operating System Credentials
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The system allows users to recover their passwords and gain access back into the system.
  • Password recovery mechanism has been designed or implemented insecurely.
  • Password recovery mechanism relies only on something the user knows and not something the user has.
  • No third party intervention is required to use the password recovery mechanism.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low Brute force attack
  • Medium Social engineering and more sophisticated technical attacks.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

For a brute force attack one would need a machine with sufficient CPU, RAM and HD.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-522: Insufficiently Protected Credentials

CWE-640: Weak Password Recovery Mechanism for Forgotten Password

Visit http://capec.mitre.org/ for more details.