The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier.
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1003 cwe_Ordinal: Primary
|Access Control||Gain Privileges or Assume Identity||An attacker could easily guess user passwords and gain access user accounts.|
策略: Enforce usage of strong passwords. A password strength policy should contain the following attributes:
Authentication mechanisms should always require sufficiently complex passwords and require that they be periodically changed.
|映射的分类名||ImNode ID||Fit||Mapped Node Name|
|OWASP Top Ten 2004||A3||CWE More Specific||Broken Authentication and Session Management|