V2.5 — Credential Recovery
Credential Recovery: 7 L3 requirement(s).

- V2.5.1: Verify that a system generated initial activation or recovery secret is not sent in clear text to the user. (C6)
- V2.5.2: Verify password hints or knowledge-based authentication (so-called "secret questions") are not present.
- V2.5.3: Verify password credential recovery does not reveal the current password in any way. (C6)

... and 4 more.

| Property | Value |
|---|---|
| Section | V2.5 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ARCH-01 | Platform Architecture Non-Applicability Register |
Source: OWASP Application Security Verification Standard 4.0.3