CWE-263 口令老化拥有过长有效期
Password Aging with Long Expiration
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: Low
基本描述
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
扩展描述
Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 404 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity | As passwords age, the probability that they are compromised grows. |
可能的缓解方案
Architecture and Design
策略:
Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.
示例代码
例
A common example is not having a system to terminate old employee accounts.
例
Not having a system for enforcing the changing of passwords every certain period.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | Allowing password aging |
相关攻击模式
- CAPEC-16
- CAPEC-49
- CAPEC-55
- CAPEC-70