Even weak hackers can pull off a password reset MitM attack via account registration
At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures.
They dubbed the attack the password reset man-in-the-middle (PRMitM) attack. The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable, as are mobile apps like WhatsApp, Snapchat and Telegram.