Verification code brute force cracking test [easy to understand]

Hello everyone , I meet you again , I'm your friend, Quan Jun .

Verification code brute force cracking test

Test principle and method

In the password retrieval function module, the user's credentials are usually retrieved （ Generally, it is verification code ） Send it to the user to see In your mobile number or email , As long as the user does not disclose his verification code, it will not be used by the attacker , But some applications The number and complexity of verification code in the verification code sending function module of the program are weak , There is no limit on the number of verification codes

The authentication code can be forcibly enumerated and any user password can be modified . When testing whether the verification code can be enumerated violently , You can send the verification code to your account several times first , Observe Whether the verification code is regular , For example, the verification code received each time is pure digital and 4 digit .

Repair suggestions

In order to avoid the situation that the verification code is brutally cracked , It is recommended to take the wrong number of times for the verification code entered by the user Limit and increase the complexity of the verification code .

Publisher ： Full stack programmer stack length , Reprint please indicate the source ：https://javaforall.cn/128390.html Link to the original text ：https://javaforall.cn