Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Weak password recovery mechanisms can be exploited to take over user accounts. Common issues include predictable reset tokens, security questions with easily guessable answers, or lack of verification.
How to fix this vulnerability
Prevention strategies for Weak Password Recovery based on 3 Shoulder detection rules.
Use crypto/rand with 32+ bytes of entropy for password reset tokens
- func generateResetToken() string { - return fmt.Sprintf("%d", time.Now().Unix()) + import ( + "crypto/rand" + "encoding/hex" + ) + + func generateResetToken() (string, error) { + b := make([]byte, 32) + if _, err := rand.Read(b); err != nil { + return "", err + } + return hex.EncodeToString(b), nil }
Use crypto.randomBytes() instead of Math.random() for security tokens
- user.resetToken = Math.random().toString(36); + const crypto = require('crypto'); + user.resetToken = crypto.randomBytes(32).toString('hex'); await user.save();
Use the secrets module for cryptographically secure token generation
- import random - - def create_reset_token(): - chars = 'abcdef0123456789' - reset_token = ''.join(random.choice(chars) for _ in range(32)) - return reset_token + import secrets + + def create_reset_token(): + return secrets.token_urlsafe(32)
Find vulnerabilities in your code
Use Shoulder to scan your codebase for Weak Password Recovery Mechanism for Forgotten Password patterns. 3 rules.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=640 # Or scan entire project npx @shoulderdev/cli trust .
Detection Rules (3)
What to watch for in code reviews
These patterns indicate potential Weak Password Recovery Mechanism for Forgotten Password vulnerabilities. Look for these during code reviews and security audits.
Scan your codebase for Weak Password Recovery Mechanism for Forgotten Password
Shoulder CLI finds vulnerable patterns across your entire codebase.