Hikvision Password Reset Vulnerabilities Exposed to Attacks
🔑 Password reset vulnerabilities expose users to brute force attacks. The common practice of sending a one-time password (OTP) for password resets can be compromised if proper brute force protections are not implemented. While this method is user-friendly, especially for mobile users, it often relies on short, predictable codes that can be guessed in a small number of tries. A notable example is Facebook, which faced issues due to this vulnerability. To mitigate the risk, it is recommended that sites limit the number of verification attempts per code (five is suggested) and restrict the validity period of the code (30 minutes is recommended). Additionally, a recent exploit related to Hikvision revealed that some reset codes were not random, further highlighting the need for robust security measures in password reset processes.
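The three controls the summary names (a code drawn from a cryptographic random source, a cap of five guesses per code, and a 30-minute lifetime) fit in a small reset service. The code below is an added illustration written for this page, not Hikvision's or Facebook's implementation; the class and function names, the in-memory store, the six-digit code format and the injectable clock are all assumptions made for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Policy values taken from the page: at most five guesses, code valid for 30 minutes.
MAX_ATTEMPTS = 5
CODE_LIFETIME_SECONDS = 30 * 60
CODE_DIGITS = 6  # assumption: a 6-digit numeric code, the usual SMS-friendly format


@dataclass
class ResetChallenge:
    code: str
    issued_at: float
    attempts: int = 0
    consumed: bool = False


def guess_success_probability(attempts: int = MAX_ATTEMPTS, digits: int = CODE_DIGITS) -> float:
    """Chance that `attempts` distinct guesses hit a uniformly random `digits`-digit code.

    This is why the attempt cap matters: with no cap an attacker can walk the
    whole space; with five tries the chance is 5 / 10**digits.
    """
    return min(1.0, attempts / 10 ** digits)


class PasswordResetService:
    """In-memory OTP password-reset flow with brute-force protections (example only)."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so tests can move time forward
        self._challenges: dict[str, ResetChallenge] = {}

    def issue(self, user_id: str) -> str:
        # secrets.randbelow draws from the OS CSPRNG. Never derive the code from
        # the clock, the user id or a counter: predictable codes are exactly the
        # weakness the page attributes to the Hikvision reset flow.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        # A new code replaces any previous one, so guesses do not accumulate
        # across several outstanding codes for the same account.
        self._challenges[user_id] = ResetChallenge(code=code, issued_at=self._clock())
        return code  # a real deployment sends this out of band; it is returned here only for the demo

    def verify(self, user_id: str, submitted: str) -> tuple[bool, str]:
        ch = self._challenges.get(user_id)
        if ch is None or ch.consumed:
            return False, "no_active_reset"
        if self._clock() - ch.issued_at > CODE_LIFETIME_SECONDS:
            del self._challenges[user_id]
            return False, "expired"
        if ch.attempts >= MAX_ATTEMPTS:
            return False, "locked"  # challenge stays locked until a fresh code is issued
        ch.attempts += 1  # count before comparing so a failure path cannot skip the increment
        # Constant-time comparison; encode so non-ASCII input cannot raise instead of failing.
        if hmac.compare_digest(ch.code.encode(), submitted.encode()):
            ch.consumed = True  # single use: a captured code cannot be replayed
            return True, "ok"
        if ch.attempts >= MAX_ATTEMPTS:
            return False, "locked"
        return False, "wrong_code"


if __name__ == "__main__":
    svc = PasswordResetService()
    code = svc.issue("demo-user")
    print("issued code (demo only):", code)
    print("wrong guess:", svc.verify("demo-user", "000000" if code != "000000" else "000001"))
    print("right guess:", svc.verify("demo-user", code))
    print("replay:", svc.verify("demo-user", code))
    print("P(success in 5 guesses):", guess_success_probability())
```

The attempt counter is incremented before the comparison and the challenge is kept in a locked state rather than deleted, so a client cannot reset the budget by provoking an error or by re-submitting after the fifth miss; only issuing a new code starts a new budget, and rate-limiting the issue endpoint itself is the remaining piece a production service would add.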
