Password Change Functionality

Surprisingly, many web applications do not provide any way for users to change their password. However, this functionality is necessary for a well designed authentication mechanism for two reasons:

■ Periodic enforced password change mitigates the threat of password compromise by reducing the window in which a given password can be targeted in a guessing attack and by reducing the window in which a compromised password can be used without detection by the attacker.

■ Users who suspect that their passwords may have been compromised need to be able to quickly change their password to reduce the threat of unauthorized use.

Although it is a necessary part of an effective authentication mechanism, password change functionality is often vulnerable by design. It is frequently the case that vulnerabilities that are deliberately avoided in the main login function reappear in the password change function. There are many web applications whose password change functions are accessible without authentication and that:

■ Provide a verbose error message indicating whether the requested user name is valid.
■ Allow unrestricted guesses of the “existing password” field.
■ Only check whether the “new password” and “confirm new password” fields have the same value after validating the existing password, thereby allowing an attack to succeed in discovering the existing password noninvasively.


NEXT is..Forgotten Password Functionality………..,.,.,.,.,.,.