Attacks and vulnerability analysis of e-mail as a password reset point
Document Type
Conference Proceeding
Publication Date
3-9-2018
Abstract
In this work, we perform a security analysis of using e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten-password reset paths. We perform and illustrate three different attacks on a personal e-mail account, using a variety of tools such as public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man-in-the-middle attack, and free software to perform a brute-force attack on the login of the e-mail account. Our results expose some of the inherent vulnerabilities in using e-mails as password reset points. The findings are extremely relevant to the security of mobile devices, since users have trended towards using mobile devices over desktops for Internet access.
Publication Title
2018 4th International Conference on Mobile and Secure Services, MOBISECSERV 2018
Volume
2018-February
First Page
1
Last Page
5
Digital Object Identifier (DOI)
10.1109/MOBISECSERV.2018.8311443
ISBN
9781538632536
Citation Information
Routh, DeCrescenzo, B., & Roy, S. (2018). Attacks and vulnerability analysis of e-mail as a password reset point. 2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ), 1–5. https://doi.org/10.1109/MOBISECSERV.2018.8311443