Testing for Weak Password Change or Reset Functionalities
OWASP Web Security Testing Guide 4.2 > 4. Authentication Testing > 4.9. Testing for Weak Password Change or Reset Functionalities
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
4.9 | WSTG-ATHN-09 | Testing for Weak Password Change or Reset Functionalities | - Determine whether the password change and reset functionality allows accounts to be compromised. - Test password reset (Display old password in plain text? Send via email? Random token on confirmation email?) - Test password change (Need old password?) |