ASVS Requirement 7.5.1
- Level: 2
- Chapter: V7 Session Management
- Section: V7.5 Defenses Against Session Abuse
- Source: 0x16-V7-Session-Management.md
Description
Verify that the application requires full re-authentication before allowing modifications to sensitive account attributes which may affect authentication, such as email address, phone number, MFA configuration, or other information used in account recovery.
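One way to enforce this check server-side, as an added example that is not part of the ASVS text: a valid session alone may change ordinary profile fields, but the attributes listed above require every login factor to be presented again. The field names, the account and session dictionaries, and the `second_factor_ok` flag (a stand-in for a verified TOTP or WebAuthn response) are assumptions.

```python
import hashlib
import hmac
import os

# Attributes named in the requirement; the field names are assumptions.
SENSITIVE_FIELDS = {"email", "phone", "mfa_secret", "recovery_email"}


class ReauthRequired(Exception):
    """Raised when a sensitive change arrives without full re-authentication."""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password: str, mfa_enabled: bool) -> dict:
    # Constructed sample account record.
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "mfa_enabled": mfa_enabled, "email": "old@example.test",
            "display_name": "Sample User"}


def fully_reauthenticated(account, password, second_factor_ok) -> bool:
    """True only if every factor the account uses at login was presented again."""
    if password is None:
        return False
    candidate = hash_password(password, account["salt"])
    if not hmac.compare_digest(candidate, account["pw_hash"]):
        return False
    # With MFA enrolled, the password alone is not *full* re-authentication.
    return second_factor_ok or not account["mfa_enabled"]


def update_attribute(session, account, field, value,
                     password=None, second_factor_ok=False):
    if not session.get("authenticated"):
        raise PermissionError("no valid session")
    if field in SENSITIVE_FIELDS and not fully_reauthenticated(
            account, password, second_factor_ok):
        # A live session (possibly a stolen one) is not enough for these fields.
        raise ReauthRequired(field)
    account[field] = value
    return account
```

When testing an application against this requirement, replay a sensitive-attribute change with only the session cookie and confirm the server rejects it rather than relying on the client to prompt for credentials.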