Web Application Security
Web Application Vulnerability Categorization Apr 01 2014 02:09AM
m@d m0nk (th3madm0nk gmail com)
Hello Team,


I have a web app with a password recovery option. There is a secret
question and if the user enters the correct answer to the secret
question, the username and password is provided to the user.

If the password recover page / module allows multiple tries
(brute-force and no CAPTCHA or similar mechanism), can we categorize
this vulnerability under "Broken Authentication and Session
Management" or does this fall under any other Vulnerability Category /
OWASP Top 10?

Thanks in advance.



__| madm0nk |__
th3 sib3rian m0nk

This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus