Vulnerabilities/

Weak Password

Severity:: High

Description

Weak Password vulnerabilities arise when applications fail to enforce strong password policies, making it easier for attackers to guess or crack users’ passwords, leading to unauthorized access.

Recommendation

Mitigate the risk of weak passwords by implementing strong password policies. Enforce password length, complexity, uniqueness, and regular password changes. Consider augmenting with additional authentication controls like two-factor authentication for enhanced security. Regularly educate users about password best practices and provide tools for generating and managing strong passwords. For comprehensive guidance, refer to OWASP’s recommendations on Testing for Weak Password Policy.

References

OWASP: Testing for Weak Password Policy
OWASP: Brute Force Attack
NIST Special Publication 800-63B: Digital Identity Guidelines
NCSC: Password Guidance: Simplifying Your Approach
CWE-521
CAPEC-49
OWASP 2021-A7

Related Issues

Apache Tomcat Manager Login Found - Vulnerability
Brute Force Prevention Bypassed - Vulnerability
Password Input on HTTP - Vulnerability
Password Sent in HTTP Query - Vulnerability

Tags:: Password Policy; Authentication; Brute Force

Anything's wrong? Let us know Last updated on May 13, 2024