Web application security - the fast guide 1.1 | Page 118
Chapter 6 - Attack execution (2)
Another issue arises with the forgotten-password function: a weak
implementation may rely on challenge questions that are far easier to
break, such as a pet's name or a mother's first name.
Another source of danger, as mentioned, is the "remember me" option,
which is often implemented with a cookie whose value is unencrypted or
weakly encrypted. This may allow an attacker to understand the
identifier used and generate a similar one.
Attack requirements:
A. No or weak account locking policy
B. Verbose messages that distinguish failed and valid logins
C. Storing the password locally through a weak identifier
Attack process:
A. For the change-password and forgot-password functions, the process is
the same as the brute-force process.
B. For the "remember me" option, the tester should check the cookies and
any stored unencrypted or weakly encrypted value or identifier by
capturing and examining the request sent after activating the
"remember me" option, using a tool like Burp Proxy.
C. If the identifier can be easily generated, generate different
identifiers and iteratively check whether they allow other accounts to
be compromised, using Burp to do so.
6.5 Impersonation Functionality
Figure 47: impersonating functionalities
In many cases, applications implement an impersonation functionality so that
a privileged person in the organization can control a user account. An
example is a bank customer account and an account supervisor, where the
supervisor has the privilege to access the customer's account and execute
tasks on the customer's behalf.
The main issue with impersonation is that the functionality is treated as
hidden functionality with minimal access control, or as a back door that can
be accessed with a simple password.