Hello,
I'd like to discuss Django's password reset token functionality.
I've been able, with a simple Python script, to go from read-only access to my Django webserver to full read-write access by crafting a reset token.
Isn't that one of the main goals of hashing passwords? Protecting against attackers who have read-only access to the database?
The only "unpredictable" data that can be needed, if the attacker's last database access is old, is the last_login, which can very easily be bypassed with a simple brute-force script (as I did here).
I would like to know: is there another way the password reset mechanism could work that wouldn't enable such a problem? I haven't found one on my own.
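An added illustration (my own simplified model, not Django's code and not the script mentioned in the post) of how a stateless reset token of this shape is derived and checked: the token binds the user's password hash and last_login, and its signature is keyed by a server-side secret that is not stored in the database. SECRET_KEY, KEY_SALT, the timeout and the user row are constructed values.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed server-side secret: lives in settings, never in the database.
SECRET_KEY = "constructed-example-secret-do-not-reuse"
KEY_SALT = "example.PasswordResetTokenGenerator"  # hypothetical salt label
TIMEOUT_SECONDS = 3 * 24 * 3600                   # example validity window


def _now_ts():
    return int(datetime.now(timezone.utc).timestamp())


def _hash_value(user, timestamp):
    # Bind the token to state that changes once the reset is used:
    # the password hash and the last_login timestamp. Note that last_login
    # only adds unpredictability if the verifier does not already know it.
    login_ts = "" if user["last_login"] is None else str(user["last_login"])
    return f'{user["pk"]}{user["password"]}{login_ts}{timestamp}'


def _sign(value):
    # Derive an HMAC key from the secret and a purpose-specific salt, then
    # sign the bound fields. Without SECRET_KEY this value cannot be produced.
    key = hashlib.sha256((KEY_SALT + SECRET_KEY).encode()).digest()
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def make_token(user, timestamp=None):
    ts = _now_ts() if timestamp is None else timestamp
    return f"{ts}-{_sign(_hash_value(user, ts))}"


def check_token(user, token, now=None):
    """True only if token was signed with SECRET_KEY over the user's
    *current* password hash and last_login, and has not expired."""
    try:
        ts_str, _sig = token.split("-", 1)
        ts = int(ts_str)
    except ValueError:
        return False
    expected = make_token(user, ts)
    if not hmac.compare_digest(expected, token):
        return False
    current = _now_ts() if now is None else now
    return 0 <= current - ts <= TIMEOUT_SECONDS


# Constructed user row, i.e. the fields a read-only database view exposes.
USER = {"pk": 7, "password": "pbkdf2_sha256$constructed$hash", "last_login": 1700000000}
```

Changing the password hash or last_login in the row, or building a digest from the row's fields without the secret, yields a token that check_token rejects.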