General Information

Password Disclosure in Password Recovery

Variants:
Direct 

Vector Type:
Vulnerability

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Password Recovery, Secure Design

Invented In:
01/01/1999

Added In:
21/12/2014


Vector Operation Method:
Instead of requiring the user to select a new password, the password recovery mechanism discloses the password in the email response or after the final verification, risking its disclosure to unauthorized entities.
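
The flawed flow described above beside a reset flow that never reveals a password, as an added example that is not part of the original entry. The function names, the `app.example` URL, the 15-minute token lifetime and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # assumed token lifetime in seconds

def _kdf(password, salt):
    # Assumed parameters; any slow, salted password hash serves the same role.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Account:
    def __init__(self, email, password):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.salt)  # only a hash is stored
        self.reset = None  # (sha256 of reset token, expiry time)

def check_password(acct, password):
    return hmac.compare_digest(acct.pw_hash, _kdf(password, acct.salt))

def recover_insecure(plain_store, email):
    # The flaw in this entry: the stored password itself goes into the reply,
    # which also implies it is kept in recoverable form.
    return f"Your password is: {plain_store[email]}"

def start_reset(acct, now=None):
    # Mail a random single-use token; keep only its hash server-side.
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.reset = (hashlib.sha256(token.encode()).digest(), now + TOKEN_TTL)
    return f"Reset link: https://app.example/reset?token={token}"

def complete_reset(acct, token, new_password, now=None):
    # The user must choose a new password; nothing old is ever shown.
    now = time.time() if now is None else now
    if acct.reset is None:
        return False
    digest, expiry = acct.reset
    presented = hashlib.sha256(token.encode()).digest()
    if now > expiry or not hmac.compare_digest(digest, presented):
        return False
    acct.reset = None  # token is single use
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _kdf(new_password, acct.salt)
    return True
```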


Direct Variant:

Password Disclosure in Password Recovery

Variant Title:
Password Disclosure in Password Recovery

Typical Severity:
Minor
