Category-255: 凭证管理
ID: 255 Status: Draft
Summary
Weaknesses in this category are related to the management of credentials.
Membership
| ID | NAME |
|---|---|
| CWE-261 | 口令使用弱密码学算法 |
| CWE-262 | 未使用口令老化机制 |
| CWE-263 | 口令老化拥有过长有效期 |
| CWE-521 | 弱口令要求 |
| CWE-522 | 不充分的凭证保护机制 |
| CWE-549 | 口令域未进行输入隐藏 |
| CWE-620 | 未经验证的口令修改 |
| CWE-640 | 忘记口令恢复机制弱 |
| CWE-798 | 使用硬编码的凭证 |
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| OWASP Top Ten 2004 | A3 | Broken Authentication and Session Management |