CWE-263 口令老化拥有过长有效期

Password Aging with Long Expiration

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: Low

基本描述

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

扩展描述

Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 404 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Access Control Gain Privileges or Assume Identity As passwords age, the probability that they are compromised grows.

可能的缓解方案

Architecture and Design

策略:

Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.

示例代码

A common example is not having a system to terminate old employee accounts.

Not having a system for enforcing the changing of passwords every certain period.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CLASP Allowing password aging

相关攻击模式

  • CAPEC-16
  • CAPEC-49
  • CAPEC-55
  • CAPEC-70

引用