this is, of course, vulnerable to interception

Password Change Functionality

Surprisingly, many web applications do not provide any way for users to

change their password. However, this functionality is necessary for a well-

designed authentication mechanism for two reasons:

■■

Periodic enforced password change mitigates the threat of password

compromise by reducing the window in which a given password can be

targeted in a guessing attack and by reducing the window in which a

compromised password can be used without detection by the attacker.

■■

Users who suspect that their passwords may have been compromised

need to be able to quickly change their password to reduce the threat of

unauthorized use.

Although it is a necessary part of an effective authentication mechanism,

password change functionality is often vulnerable by design. It is frequently

the case that vulnerabilities that are deliberately avoided in the main login

function reappear in the password change function. There are many web

applications whose password change functions are accessible without authen-

tication and that:

■■

Provide a verbose error message indicating whether the requested user-

name is valid.

■■

Allow unrestricted guesses of the “existing password” field.

■■

Only check whether the “new password” and “confirm new password”

fields have the same value after validating the existing password,

thereby allowing an attack to succeed in discovering the existing pass-

word noninvasively.

HACK STEPS

■

Download 5,76 Mb.

Do'stlaringiz bilan baham: