General Information

Unrestricted Password Recovery Initiation Attempts Abuse

Variants:
Direct 

Also Known As:
Unlimited Password Recovery Initiation

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Password Recovery, Anti-Automation

Invented In:
01/01/1999

Added In:
23/12/2014


Vector Operation Method:
Attackers could abuse recovery mechanisms that do not restrict the number of attempts per timeframe to eventually recover or change user credentials through a brute-force attack.


Direct Variant:

Unrestricted Recovery Initiation

Also Known As:
Unrestricted Password Recovery Initiation Attempts Abuse

Typical Severity:
Minor
