Account Takeover Attack (ATO): How does it work?
Published 2022-04-08 (last modified 2023-04-05). Source: https://webdev.securin.xyz/articles/account-takeover-attack-ato-how-does-it-work/
Account Takeover is a type of cyberattack in which an attacker takes over a victim’s user account through malicious means. In this scenario the attacker does not know the victim’s credentials in advance; the victim’s login credentials or an active session must first be obtained, for example through phishing, malware or man-in-the-middle attacks, before the account can be compromised.

Read on to learn more about Account Takeover techniques.

The following are the most common techniques used to take over a victim’s account.
If there is a CSRF vulnerability in the email or phone change functionality, it can be abused to change the victim’s email address or phone number, after which a password reset can be performed against the updated contact details.

If the application builds the password reset link from the Host header, a host header injection vulnerability can be abused to poison that link: with the header set to an attacker-controlled domain, the reset token is delivered to the attacker when the victim follows the link. A CRLF injection can also be abused to inject a custom Host header.
https://youtu.be/24IsNsLWtco

Password Reset Token Leak

While a password reset is being requested, the application may leak the reset token in the HTTP response itself.

No Rate Limiting

If there is no rate limiting on the password reset OTP input and the length of the OTP is known, every possible OTP value can be brute-forced and the account taken over.

Stealing OAuth Tokens

If an open redirect vulnerability exists in the application’s OAuth flow, the OAuth tokens can be stolen: the victim is redirected through the open redirect to an attacker-controlled domain, which receives the token.

Response Manipulation

Compare the responses to a successful and an unsuccessful login attempt. The client may act on a value in the response to trigger a login or a password change. Replace the unsuccessful response with the successful one and check whether this leads to an account takeover.

Username Collision

Sign up with an existing username and add a whitespace character before or after it. This creates a new account with a near-identical username. Resetting the password of this new account may result in a takeover of the victim’s account.