# Weak Password Recovery Mechanism for Forgotten Password (CWE-640)

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

**Stack:** JavaScript

- Prevalence: 高 频繁被利用
- Impact: 高 3 条严重级别为高的规则
- Prevention: 已记录 3 个修复示例

**OWASP:** Identification and Authentication Failures (A07:2021-Identification and Authentication Failures) - #7

## Description

Weak password recovery mechanisms can be exploited to take over user accounts. Common issues include predictable reset tokens, security questions with easily guessable answers, or lack of verification.

## Prevention

基于 1 条 Shoulder 检测规则的 Weak Password Recovery 预防策略。

### JavaScript

Use crypto.randomBytes() instead of Math.random() for security tokens

## Warning Signs

- [HIGH] predictable random number generation (Math

## Consequences

- 获取权限
- 绕过保护机制

## Mitigations

- 为密码重置链接使用强随机令牌
- 实施令牌过期(例如 1 小时)
- 要求额外的验证,如电子邮件或短信
- 切勿在可能被记录的 URL 中暴露重置令牌

## Detection

- Total rules: 3
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (1 rules)

- **Weak Password Reset Token** [HIGH]: Detects predictable random number generation (Math.random) used for password reset tokens.
  - Remediation: Use cryptographically secure random:

```javascript
const crypto = require('crypto');
const resetToken = crypto.randomBytes(32).toString('hex');
```

Learn more: https://shoulder.dev/learn/javascript/cwe-640/weak-password-reset-token

### Typescript (1 rules)

- **Weak Password Reset Token** [HIGH]: Detects predictable random number generation (Math.random) used for password reset tokens.
  - Remediation: Use cryptographically secure random:

```javascript
const crypto = require('crypto');
const resetToken = crypto.randomBytes(32).toString('hex');
```

Learn more: https://shoulder.dev/learn/javascript/cwe-640/weak-password-reset-token