Attacks and vulnerability analysis of e-mail as a password reset point

Authors

Caleb Routh, University of North Florida
Brandon Decrescenzo, University of North Florida
Swapnoneel Roy, University of North FloridaFollow

Document Type

Conference Proceeding

Publication Date

3-9-2018

Abstract

In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: Public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.

Publication Title

2018 4th International Conference on Mobile and Secure Services, MOBISECSERV 2018

Volume

2018-February

First Page

1

Last Page

5

Digital Object Identifier (DOI)

10.1109/MOBISECSERV.2018.8311443

ISBN

9781538632536

Citation Information

Routh, DeCrescenzo, B., & Roy, S. (2018). Attacks and vulnerability analysis of e-mail as a password reset point. 2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ), 1–5. https://doi.org/10.1109/MOBISECSERV.2018.8311443