A few days ago I came across a brute-forceable password-retrieval vulnerability in a forum.
This kind of flaw is common but rarely noticed.
Its impact is serious, though: an attacker can use it to recover the administrator's password.
Consider the following code.
$rand = md5(random(0, 6)); // random(0, 6): site helper that returns a 6-digit random number
This builds the password-retrieval link: it generates a 6-digit random number and MD5-hashes it.
This is dangerous because the token space is only the 10^6 possible 6-digit numbers, so a short PHP script can enumerate every candidate retrieval link until it finds the valid one.
The solution is as follows:
1. Double the secret in the password-retrieval link
$randsalt = random(0, 6);
$rand = md5(random(0, 6) . $randsalt); // hash of the random number concatenated with a second random value
The retrieval link then carries two values, e.g. safe12316forgetpassword.php?safe121=1234&safe121.com=adfff
Both values must match for the link to be accepted, which raises the cost of guessing it.
2. Send the password to the user's e-mail address
Rather than revealing the password once the link is clicked, deliver it only to the registered mailbox. Even if the link is cracked, the attacker gains nothing.
3. Restrict by IP address. For example, block an IP address after 7 failed attempts. An attacker on a dynamic IP address can rotate addresses and get around this, so methods 1 and 2 are the recommended ones.
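As an added example that is not the post's own code, here is the weak 6-digit token beside a hardened replacement: a 16-byte CSPRNG token that is stored hashed, expires, and is checked in constant time (the function names and the in-memory $store are assumptions). Note that the salted variant in method 1 still draws both parts from the same 6-digit generator, so its token space is at most 10^12.

```php
<?php
// Added example, not the blog's own code: the weak token from the post
// beside a hardened replacement. Function names and the in-memory $store
// are assumptions for illustration.

// Weak: md5() of a 6-digit number. Only 10^6 distinct tokens exist, so an
// attacker can enumerate every possible retrieval link.
function weak_reset_token(): string
{
    $n = random_int(0, 999999);          // stands in for the post's random(0, 6)
    return md5((string) $n);
}

// Hardened: 16 bytes from the CSPRNG give a 2^128 token space. The server
// stores only a SHA-256 of the token plus an expiry, so a leaked database
// does not hand out usable links, and the link itself goes to the user's
// registered e-mail address (the post's method 2).
function issue_reset_token(array &$store, string $userId, int $ttlSeconds = 3600): string
{
    $token = bin2hex(random_bytes(16));  // 32 hex characters
    $store[$userId] = [
        'hash'    => hash('sha256', $token),
        'expires' => time() + $ttlSeconds,
    ];
    return $token;
}

// Constant-time comparison, expiry check, and single use on success.
function verify_reset_token(array &$store, string $userId, string $token): bool
{
    if (!isset($store[$userId]) || time() > $store[$userId]['expires']) {
        unset($store[$userId]);          // expired or unknown: drop it
        return false;
    }
    if (!hash_equals($store[$userId]['hash'], hash('sha256', $token))) {
        return false;                    // wrong guess: record stays until expiry
    }
    unset($store[$userId]);              // accepted: the token cannot be replayed
    return true;
}

$store = [];
$token = issue_reset_token($store, 'user42');
echo 'weak token space: ', 10 ** 6, ', hardened: 2^128', PHP_EOL;
echo 'wrong token accepted: ', var_export(verify_reset_token($store, 'user42', weak_reset_token()), true), PHP_EOL;
echo 'real token accepted: ', var_export(verify_reset_token($store, 'user42', $token), true), PHP_EOL;
echo 'replay accepted: ', var_export(verify_reset_token($store, 'user42', $token), true), PHP_EOL;
```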
From: network security technology blog