Application Security, Technology

Abusing Password reset functionality to steal user data (Part–3)

We saw different implementations of a password reset functionality to ensure application security along with their best practices in the first and the second blogs of the series. In this final blog of the series, we will discuss the concept of Multi-Factor Authentication (One Time Passwords i.e. OTP) for the implementation of a reset...

by Nikhit Kumar
Tag: forgot password hacking
17-Nov-2015

Application Security

Abusing Password reset functionality to steal user data (Part–2)

In continuation of my last blog about possible attacks on a password reset functionality, this part of the same series will look into the two implementations below:

• Email sent with a temporary password or current password
• Secret questions asked and then given the option to reset the password

I will mention possible issues which...

by Abhinav Mishra
29-Sep-2015

Application Security

Abusing Password reset functionality to steal user data (Part – I)

For every developer, implementing a password reset feature is a very interesting part. This is where he develops the logic and then implements it in the code. There is no well-defined industry standard on how to implement a secure password reset functionality in your application. So, the result is that every application has a different way...

by Abhinav Mishra
02-Sep-2015