Kuba technology's password reset for any user

1) The password retrieval function of Kuba technology is very powerful, which facilitates users to a great extent, but it also brings a significant increase in risks, kuba technology supports password retrieval for user names, email addresses, and mobile phones. 2) attackers can use the mobile phone password retrieval function to reset user passwords as long as they know any of the above three types of information (ps: shopping website users are basically bound with mobile phone numbers), enter the user name or email system will directly send the security code to the mobile phone number bound to the account; 3) in this example, vulnerabilities of the same type are: attackers can directly obtain the user's account information and increase the actual operability of vulnerability exploitation. 3.1) they come to the comments of a product on the website, it is found that many users evaluate the product after purchasing the product. The source code is as follows: <div class = "usr"> <div class = "avatar"> </Div> <p class =" name "> 13916956 * </p> <p class =" info "> dwelling member </p> </div> 3.2) the source code is as follows: <div class = "usr"> <div class = "avatar"> </Div> <p class =" name "> weinixiong *** </p> <p class =" info "> dwelling member </p> </div> 3.3) through the above, we can easily find that the naming rules of alt attributes in the img label correspond to the user name. With this discovery, we can find a lot of user information, this greatly increases the practical operability of vulnerability exploitation. 4) Now we can use the mobile phone password retrieval function (this test uses my own mobile phone number ), enter a 6-digit security code at will; 5) Click Next to submit and capture packets; 6) set the identifyCode parameter to a brute-force object. In this example, only the vulnerability is demonstrated, the brute-force cracking interval is set to a small 6-digit interval containing the actual verification code. The actual verification code can be confirmed based on the submitted status and the length of the returned bytes. 7) the packet capture page is returned, use a real verification code to replace any submitted identifyCode parameters and compare them to go to the Password Reset page. 8) enter the password we want to change and submit it. The user password reset vulnerability is exploited;

 Solution:1) increase the complexity of the verification code, such as the number and case of the child-mother round; 2) Limit the number of verification errors; 3) set the validity period of the Verification Code;