Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Weak password recovery mechanisms can be exploited to take over user accounts. Common issues include predictable reset tokens, security questions with easily guessable answers, or lack of verification.
如何修复此漏洞
基于 3 条 Shoulder 检测规则的 Weak Password Recovery 预防策略。
Use crypto/rand with 32+ bytes of entropy for password reset tokens
- func generateResetToken() string { - return fmt.Sprintf("%d", time.Now().Unix()) + import ( + "crypto/rand" + "encoding/hex" + ) + + func generateResetToken() (string, error) { + b := make([]byte, 32) + if _, err := rand.Read(b); err != nil { + return "", err + } + return hex.EncodeToString(b), nil }
Use crypto.randomBytes() instead of Math.random() for security tokens
- user.resetToken = Math.random().toString(36); + const crypto = require('crypto'); + user.resetToken = crypto.randomBytes(32).toString('hex'); await user.save();
Use the secrets module for cryptographically secure token generation
- import random - - def create_reset_token(): - chars = 'abcdef0123456789' - reset_token = ''.join(random.choice(chars) for _ in range(32)) - return reset_token + import secrets + + def create_reset_token(): + return secrets.token_urlsafe(32)
查找代码中的漏洞
使用Shoulder扫描代码中的Weak Password Recovery Mechanism for Forgotten Password模式。 3 规则.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=640 # Or scan entire project npx @shoulderdev/cli trust .
检测规则 (3)
代码审查中需要关注的内容
这些模式表明潜在的Weak Password Recovery Mechanism for Forgotten Password漏洞。在代码审查和安全审计中注意查找。
扫描你的代码库: Weak Password Recovery Mechanism for Forgotten Password
Shoulder CLI 在整个代码库中找到易受攻击的模式。