In my web application, I have a password recovery functionality. If a wrong security question is provided, the server returns an error message and sets the success flag to false in the JSON response. However, if someone intercepts the response and modifies it to set the error message to null and success to true, they can bypass the security check.
Tech: .NET MVC
I tried to add an encrypted string.
Avoid having a point of weakness.
It seems you are doing password recovery in two steps, with the second step being dependent on the result of the first step at the client. Two obvious solutions suggest themselves:
Don't do password recovery in two steps. Ask for the security question alongside the new password, and check the answer to the security question in the server immediately before the password is changed, as a part of the same request/response cycle.
Store the result of the security check server-side. If you do not pass the result of the security check back to the user and have the client-side app repeat it back to the server, but instead never expose it to the client side at all, it cannot be hacked in the manner you describe. This is still vulnerable to a session hijacking attack, but it requires that the attacker has access to the client where someone has already answered the security question correctly, so it is still much safer.
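A sketch of the second option, added here as an illustration and not taken from the original posts: the outcome of the security question is recorded on the server against the session, and the password-change step reads only that record. `RecoveryService`, its delegates and the session ids are hypothetical names; in an MVC application the controller actions would call it with the server-issued session id, and the in-memory dictionary stands in for session state.

```csharp
using System;
using System.Collections.Concurrent;

public sealed class RecoveryService
{
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(5);
    private readonly Func<string, string, bool> _answerMatches; // (userId, answer), supplied by the app
    private readonly Action<string, string> _setPassword;       // (userId, newPassword), supplied by the app
    // sessionId -> (user who passed the question, expiry). Never sent to the browser.
    private readonly ConcurrentDictionary<string, Tuple<string, DateTime>> _passed =
        new ConcurrentDictionary<string, Tuple<string, DateTime>>();

    public RecoveryService(Func<string, string, bool> answerMatches, Action<string, string> setPassword)
    {
        _answerMatches = answerMatches;
        _setPassword = setPassword;
    }

    // Step 1: the return value may be shown to the user, but step 2 never reads it back.
    public bool CheckAnswer(string sessionId, string userId, string answer)
    {
        Tuple<string, DateTime> ignored;
        bool ok = _answerMatches(userId, answer);
        if (ok) _passed[sessionId] = Tuple.Create(userId, DateTime.UtcNow.Add(Window));
        else _passed.TryRemove(sessionId, out ignored);
        return ok;
    }

    // Step 2: takes no success flag and no user id from the client; both come from server state.
    public bool ChangePassword(string sessionId, string newPassword)
    {
        Tuple<string, DateTime> entry;
        if (!_passed.TryRemove(sessionId, out entry)) return false; // no recorded pass; marker is single use
        if (DateTime.UtcNow > entry.Item2) return false;            // pass has expired
        _setPassword(entry.Item1, newPassword);
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var svc = new RecoveryService(
            (user, answer) => user == "alice" && answer == "constructed-answer", // constructed data
            (user, pw) => Console.WriteLine("password changed for " + user));
        svc.CheckAnswer("session-A", "alice", "wrong guess");
        // Rewriting the step-1 JSON to success:true changes nothing: no pass was recorded for session-A.
        Console.WriteLine(svc.ChangePassword("session-A", "x"));
        svc.CheckAnswer("session-B", "alice", "constructed-answer");
        Console.WriteLine(svc.ChangePassword("session-B", "new-secret"));
        Console.WriteLine(svc.ChangePassword("session-B", "again")); // the marker was consumed by the previous call
    }
}
```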