Cable and internet giant Frontier was on the verge of cyberattack due to a critical vulnerability in its system. A security researcher informed Frontier about a password reset flaw in its system that made Frontier accounts vulnerable to hacking. The cable giant began investigations on the matter but in the meantime it shut down the functionality of changing the password on the web.
Critical Password Reset Flaw Made Frontier Accounts Vulnerable
Ryan Stevenson, a security researcher, found a critical vulnerability on Frontier’s website. The bug existed in the password reset feature that made all accounts vulnerable to hacking. According to the researcher, anyone could take over an account by having either an accounts username or email address. The attacker could then easily bypass the two-factor authentication process by cracking the access code needed during password reset process.
Frontier quickly began investigating the matter upon notifying about the flaw. Until then, they did not forget to close this option as a precaution. A Frontier spokesperson said,
“Out of an abundance of caution, while the matter is being investigated, Frontier has shut down the functionality of changing a customer’s password via the web.”
An Attacker Could Bypass 2FA Through Entering Unlimited Access Codes
According to Stevenson, the access code field on the website had no limits. This allowed any potential attacker to enter as many codes as he wanted to access an account. In fact, Stevenson himself was able to reproduce the code for his test account by using Burp Suite – a network intercept tool.
He demonstrated this password reset flaw in a video. He created a test account first on Frontier’s website and then began sending automated six-digit access codes to the form. Encountering the correct code resulted in a relatively bigger server response as compared to the ones generated against incorrect codes.
Stevenson then easily reset the password for his account through the correct access code.
This clearly demonstrated that anyone with a fast internet connection and software to send automated codes could easily access any account within a day. The attacker only needed to be specific about the target account since the initial password reset steps are secured by CAPTCHA.
Frontier is among the largest internet and cable network services providers in the USA.
Let us know your thoughts in the comments below.