Standardlikelihood: Mediumseverity: HighDraft

CAPEC-50Password Recovery Exploitation

Abstraction
Standard
Status
Draft
Likelihood
Medium
Severity
High

Description

An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Metadata: standard CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-522, CWE-640. Related CAPEC patterns: [object Object], [object Object], [object Object], [object Object] (and 2 more).

Related weaknesses· 2

CWE-522CWE-640

Related attack patterns· 6

CAPEC-212 (ChildOf)CAPEC-600 (CanPrecede)CAPEC-151 (CanPrecede)CAPEC-560 (CanPrecede)CAPEC-561 (CanPrecede)CAPEC-653 (CanPrecede)

Exploits2

TypeTargetConfidenceTier
WeaknessInsufficiently Protected Credentialscwe-522100%live
WeaknessWeak Password Recovery Mechanism for Forgotten Passwordcwe-640100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Rainbow Table Password Cracking
CAPEC
Password Brute Forcing
CAPEC
Password Spraying
CAPEC
Dictionary-based Password Attack
CAPEC
Authentication Abuse
CAPEC
Privilege Abuse
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.