An Interest In:
Web News this Week
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
Some of Our Sources
- Slashdot
- Techcrunch
- Technology Review
- Smashing Magazine
- TutsPlus - Design
- Fuel Your Creativity
- Spyre Studios
- Android Dissected
- Android Headlines
- The Verge
Help Webnuz
Referal links:
June 25, 2017 06:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XW-mb_Os0vQ/account-registrations-enable-password-reset-man-in-the-middle-attacks
Account Registrations Enable 'Password Reset Man In The Middle' Attacks
"Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated." Orome1 quotes Help Net Security:The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site. Interestingly, it can also beat two-factor authentication -- since the targeted user will still input the phone code into the man-in-the-middle site.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XW-mb_Os0vQ/account-registrations-enable-password-reset-man-in-the-middle-attacks
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot