Authentication / Password change without entering existing password
Web and API
Description
The function for changing the password of one's own user account does not require the current password of that account to be entered.
Risk
A password change function that does not require entering the old password introduces several security risks and vulnerabilities.
- Unauthorized password changes: Without verifying the old password, an attacker may be able to change the password for an account without the legitimate user's knowledge or consent. This can lead to unauthorized access and potential misuse of the account.
- Account takeover through session hijacking: If an attacker gains access to a user's active session (e.g., through session hijacking), they can change the password without needing the old one. This can result in a complete takeover of the account.
- Social engineering attacks: An attacker may trick a user into changing their password through social engineering, without needing the old password. This can be done by impersonating a legitimate service or using deceptive techniques.
- Increased risk of insider threats: In organizations, employees with malicious intent may exploit the missing old-password requirement to change another user's password, leading to unauthorized access.
Solution
Always require users to authenticate themselves by entering their current password before allowing any changes. This ensures that only authorized individuals can modify the account password. Implement proper access controls and monitoring to detect and prevent insider threats. Regularly audit and review user access permissions.
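The following is an added example (not code from the original finding or from any affected product) showing the flawed handler beside a hardened one that re-authenticates with the current password before accepting a change. The function names, the `User` record and the `audit_log` list are assumptions; the hashing uses PBKDF2-HMAC-SHA256 from the standard library so the example runs offline, and the audit entries stand in for the monitoring the solution calls for.

```python
"""Password change: insecure pattern vs. hardened handler (added example).

Illustrative code only; all names (User, change_password, audit_log) are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 600_000   # order of magnitude OWASP recommends for PBKDF2-HMAC-SHA256
MIN_PASSWORD_LENGTH = 12


@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes


class PasswordChangeError(Exception):
    """Raised when a password change request is refused."""


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_user(username: str, password: str) -> User:
    salt = os.urandom(16)
    return User(username, salt, hash_password(password, salt))


def verify_password(user: User, password: str) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(hash_password(password, user.salt), user.pw_hash)


def change_password_insecure(user: User, new_password: str) -> None:
    """The pattern this finding describes: the handler trusts the session alone.

    Anyone who can act within the session (hijacked session, or a user tricked
    into submitting the form) can set a new password with no proof of identity.
    """
    user.salt = os.urandom(16)
    user.pw_hash = hash_password(new_password, user.salt)


def change_password(user: User, current_password: str, new_password: str, audit_log: list) -> None:
    """Hardened handler: the caller must prove knowledge of the current password.

    Checks run cheapest first; the password is re-hashed with a fresh salt and
    every decision is written to audit_log so denied attempts can be monitored.
    """
    if len(new_password) < MIN_PASSWORD_LENGTH:
        raise PasswordChangeError(f"new password must be at least {MIN_PASSWORD_LENGTH} characters")
    if not verify_password(user, current_password):
        audit_log.append(f"password_change_denied user={user.username} reason=bad_current_password")
        raise PasswordChangeError("current password is incorrect")
    if verify_password(user, new_password):
        raise PasswordChangeError("new password must differ from the current one")
    user.salt = os.urandom(16)
    user.pw_hash = hash_password(new_password, user.salt)
    audit_log.append(f"password_changed user={user.username}")


if __name__ == "__main__":
    log: list[str] = []
    alice = create_user("alice", "correct horse battery staple")   # constructed sample user
    try:
        change_password(alice, "not her password", "a brand new passphrase", log)
    except PasswordChangeError as exc:
        print("refused:", exc)
    change_password(alice, "correct horse battery staple", "a brand new passphrase", log)
    print("\n".join(log))
```

The denied attempt leaves an audit record while the stored hash is untouched; only a request carrying the correct current password replaces it. The insecure variant is kept only to show the contrast and has no place in production code.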