{"title":"将电子邮件作为密码重置点的攻击和漏洞分析","authors":"Caleb Routh, Brandon DeCrescenzo, Swapnoneel Roy","doi":"10.1109/MOBISECSERV.2018.8311443","DOIUrl":null,"url":null,"abstract":"In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.","PeriodicalId":281294,"journal":{"name":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Attacks and vulnerability analysis of e-mail as a password reset point\",\"authors\":\"Caleb Routh, Brandon DeCrescenzo, Swapnoneel Roy\",\"doi\":\"10.1109/MOBISECSERV.2018.8311443\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.\",\"PeriodicalId\":281294,\"journal\":{\"name\":\"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)\",\"volume\":\"24 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MOBISECSERV.2018.8311443\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBISECSERV.2018.8311443","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Attacks and vulnerability analysis of e-mail as a password reset point
In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
