Almost all modern systems implement a password recovery mechanism. Most of these implementations are designed from scratch, with no industry standard to follow, which is a recipe for disaster. This session will outline the most common vulnerabilities affecting these implementations and illustrate, through a real-world case study with a live demo, how devastating these vulnerabilities can be.

Learning Objectives:
1: Learn about the most common problems and errors affecting password recovery systems.
2: Understand through a demo how easy it can be for attackers to abuse these systems.
3: Gain insight into how to avoid the problems discussed.