CWE-262 未使用口令老化机制

Not Using Password Aging

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: Low

基本描述

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 404 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 309 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 263 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 324 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Access Control Gain Privileges or Assume Identity As passwords age, the probability that they are compromised grows.

可能的缓解方案

Architecture and Design

策略:

The recommendation that users change their passwords regularly and do not reuse passwords is universal among security experts. In order to enforce this, it is useful to have a password aging mechanism that notifies users when passwords are considered old and that requests that they replace them with new, strong passwords. In order for this functionality to be useful, however, it must be accompanied with documentation which stresses how important this practice is and which makes the entire process as simple as possible for the user.

示例代码

A common example is not having a system to terminate old employee accounts.

Not having a system for enforcing the changing of passwords every certain period.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CLASP Not allowing password aging

相关攻击模式

  • CAPEC-16
  • CAPEC-49
  • CAPEC-55
  • CAPEC-70

引用