CWE-262 未使用口令老化机制
Not Using Password Aging
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: Low
基本描述
If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 404 cwe_View_ID: 1000
-
cwe_Nature: PeerOf cwe_CWE_ID: 309 cwe_View_ID: 1000
-
cwe_Nature: PeerOf cwe_CWE_ID: 263 cwe_View_ID: 1000
-
cwe_Nature: PeerOf cwe_CWE_ID: 324 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity | As passwords age, the probability that they are compromised grows. |
可能的缓解方案
Architecture and Design
策略:
The recommendation that users change their passwords regularly and do not reuse passwords is universal among security experts. In order to enforce this, it is useful to have a password aging mechanism that notifies users when passwords are considered old and that requests that they replace them with new, strong passwords. In order for this functionality to be useful, however, it must be accompanied with documentation which stresses how important this practice is and which makes the entire process as simple as possible for the user.
示例代码
例
A common example is not having a system to terminate old employee accounts.
例
Not having a system for enforcing the changing of passwords every certain period.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | Not allowing password aging |
相关攻击模式
- CAPEC-16
- CAPEC-49
- CAPEC-55
- CAPEC-70