结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: Low
If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 404 cwe_View_ID: 1000
cwe_Nature: PeerOf cwe_CWE_ID: 309 cwe_View_ID: 1000
cwe_Nature: PeerOf cwe_CWE_ID: 263 cwe_View_ID: 1000
cwe_Nature: PeerOf cwe_CWE_ID: 324 cwe_View_ID: 1000
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
范围 | 影响 | 注释 |
---|---|---|
Access Control | Gain Privileges or Assume Identity | As passwords age, the probability that they are compromised grows. |
策略:
The recommendation that users change their passwords regularly and do not reuse passwords is universal among security experts. In order to enforce this, it is useful to have a password aging mechanism that notifies users when passwords are considered old and that requests that they replace them with new, strong passwords. In order for this functionality to be useful, however, it must be accompanied with documentation which stresses how important this practice is and which makes the entire process as simple as possible for the user.
A common example is not having a system to terminate old employee accounts.
Not having a system for enforcing the changing of passwords every certain period.
映射的分类名 | ImNode ID | Fit | Mapped Node Name |
---|---|---|---|
CLASP | Not allowing password aging |