General Information

Weak Recovery Answer Enumeration

Variants:
Direct 

Also Known As:
Unrestricted Recovery Question Answer Attempts Abuse

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Password Recovery

Invented In:
01/01/1999

Added In:
23/12/2014


Vector Operation Method:
A trivial collection of recovery questions, limited-size answers, or overly informative hints can be abused by attackers to initialize or recover user account passwords.


Direct Variant:

Weak Recovery Answer Enumeration

Also Known As:
Unrestricted Recovery Question Answer Attempts Abuse

Typical Severity:
Medium
