Byte Open Security

(ByteOS Network)

CAPEC-50: Password Recovery Exploitation
Attack Pattern ID: 50
Version: v3.9
Attack Pattern Name: Password Recovery Exploitation
Abstraction: Standard
Status: Draft
Likelihood of Attack: Medium
Typical Severity: High
2 Weaknesses found

CWE-522
Insufficiently Protected Credentials
Likelihood of Exploit: Not Available
Mapping: Allowed-with-Review
Abstraction: Class
Found in 1192 CVEs

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Impacts: Gain Privileges or Assume Identity
Tags: ICS/OT (technology class); Gain Privileges or Assume Identity (impact)
As Seen In: 2021 CWE Top 25 Most Dangerous Software; 2020 CWE Top 25 Most Dangerous Software; CWE Cross-section

CWE-640
Weak Password Recovery Mechanism for Forgotten Password
Likelihood of Exploit: High
Mapping: Allowed-with-Review
Abstraction: Base
Found in 208 CVEs

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Impacts: Other; DoS: Resource Consumption (Other); Gain Privileges or Assume Identity
Tags: High exploit; Other (impact); Gain Privileges or Assume Identity (impact); DoS: Resource Consumption (Other) (impact)
As Seen In: Not Available