Broken Authentication -> Forgot Password - Bad Questions
A security question is a form of shared secret used as an authenticator. It is used as an extra security layer, so a question whose answer can be guessed weakens the whole recovery flow.
Exploitation
This web app's password recovery uses bad security questions, whose answers an attacker can easily predict.
We will test the web app with the username webgoat to understand its workflow.
As you can see, it asks for a favorite color, which is a bad question because it can be predicted. Since we have been given red as the favorite color of the webgoat user, we will use it here.
Now that we understand the workflow of the password recovery, we are going to reset the password of the admin user.
Let's enter admin as the username.
Here, we don't know the favorite color of the admin user, but since the security question is easy to guess, we can try different colors until we get the right one.
Let's test for red.
red was incorrect. Let's try green.
Great! We have predicted the answer.
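As an added example (not WebGoat's own code), the model below shows the recovery step the lesson exercises: a user store with the two accounts above, a check that flags low-entropy questions such as "favorite color" at enrollment, and a per-account attempt limit that turns the unlimited guessing seen here into a lockout. The user store, the question list and the attempt limit are constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed user store mirroring the lesson's two accounts (answers stored
# in clear text here only to keep the example short; a real store hashes them).
USERS: Dict[str, Dict[str, str]] = {
    "webgoat": {"question": "favorite color", "answer": "red"},
    "admin": {"question": "favorite color", "answer": "green"},
}

# Questions whose answer space is tiny or publicly discoverable (constructed list).
LOW_ENTROPY_QUESTIONS = {"favorite color", "city of birth", "mother's maiden name"}


def is_acceptable_question(question: str) -> bool:
    """Enrollment-time gate: refuse questions an attacker can guess or look up."""
    return question.strip().lower() not in LOW_ENTROPY_QUESTIONS


@dataclass
class RecoveryService:
    users: Dict[str, Dict[str, str]]
    max_attempts: Optional[int] = None  # None reproduces the lesson's unlimited guessing
    attempts: Dict[str, int] = field(default_factory=dict)

    def recover(self, username: str, answer: str) -> str:
        user = self.users.get(username)
        if user is None:
            return "denied"  # same reply as a wrong answer, so usernames are not enumerable
        used = self.attempts.get(username, 0)
        if self.max_attempts is not None and used >= self.max_attempts:
            return "locked"  # hardened path: stop the guess-until-correct loop
        # Constant-time comparison; normalisation keeps "Red" and "red" equivalent.
        if hmac.compare_digest(answer.strip().lower(), user["answer"]):
            self.attempts.pop(username, None)
            return "reset_allowed"
        self.attempts[username] = used + 1
        return "denied"


if __name__ == "__main__":
    weak = RecoveryService(USERS)
    print([weak.recover("admin", c) for c in ("red", "green")])  # second guess succeeds
    hard = RecoveryService(USERS, max_attempts=3)
    for colour in ("red", "blue", "yellow", "green"):
        print(colour, hard.recover("admin", colour))  # fourth try is locked out
```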