Step by step to break Apple ID password reset

Posted on 2013-3-29 00:04:34
As Apple has fixed the vulnerability, it is a good time to share the step by step guide to show how Apple ID password reset is broken.

It is a good example that your developers could ruin your life when they lack training and testing.

http://m.imore.com/anatomy-apple-id-password-reset-exploit

Posted on 2013-3-29 09:16:09

Excerpt:
Normally the password reset process has 6 steps:

1. On iforgot.apple.com, enter your Apple ID to begin the process.

2. Select an authentication method - “Answer security questions” is the one we would use.

3. Enter your date of birth.

4. Answer two security questions.

5. Enter your new password.

6. Be taken to a success page saying your password has been reset.

What should happen in a process like this is that each step can only be performed once all of the steps before it have successfully been completed. The security hole was a result of this not being properly enforced in Apple’s password reset process.

In step 5, when you submit your new password, a form is sent to the iForgot servers with the password change request. The form being sent takes shape as a URL

Posted on 2013-3-29 09:19:01
The URL had the effect of allowing them to skip step 4, achieve step 5, and get confirmation in step 6 that they had successfully reset a user’s password.

When the attacker modifies the URL content and then sends it to the server, the password can be changed.
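The step-ordering check the excerpt says was missing, as an added example that is not part of the original posts or Apple's code: the server keeps its own record of how far each reset session has progressed and refuses a password-change request that arrives before the earlier steps were completed. The class, step names, result strings and the `verified` flag (standing in for the real check at each step) are hypothetical.

```python
import secrets

# Steps 1-5 of the flow in the excerpt; step 6 is only the success page.
STEPS = ("apple_id", "method", "dob", "questions", "new_password")


class ResetFlow:
    """Server-side progress record; the client never tells us which step it is on."""

    def __init__(self):
        self._sessions = {}  # token -> {"account": str, "done": int}

    def start(self, account):
        # Step 1: entering the Apple ID opens a session bound to that account.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"account": account, "done": 1}
        return token

    def submit(self, token, step, verified):
        """Accept `step` only when it is the next one due for this session."""
        session = self._sessions.get(token)
        if session is None:
            return "rejected: unknown session"
        if step not in STEPS or STEPS.index(step) != session["done"]:
            # Covers skipping ahead (e.g. step 5 before step 4) and replays.
            del self._sessions[token]
            return "rejected: out of order"
        if not verified:
            del self._sessions[token]
            return "rejected: check failed"
        session["done"] += 1
        if session["done"] == len(STEPS):
            del self._sessions[token]  # a completed session cannot be reused
            return "password changed for " + session["account"]
        return "ok"


def skip_questions_attempt():
    """Constructed scenario: date of birth is known, security answers are not."""
    flow = ResetFlow()
    token = flow.start("user@example.com")
    return [
        flow.submit(token, "method", True),
        flow.submit(token, "dob", True),
        flow.submit(token, "new_password", True),  # step 4 never completed
        flow.submit(token, "new_password", True),  # session is already gone
    ]


if __name__ == "__main__":
    print(skip_questions_attempt())
```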

Posted on 2013-3-29 12:29:40
Thank you for your information
I know how to reset the password in Apple Phone

Original poster | Posted on 2013-3-30 00:37:35
Reply to 馬後砲's post #3

Thanks for appreciating the post, Forum Master. Yes, it is a typical example of a lack of simple input validation that caused the bug being used by a hacker.