Weak Password
Impact: High
Description
Weak Password vulnerabilities arise when applications fail to enforce strong password policies, making it easier for attackers to guess or crack users’ passwords, leading to unauthorized access.
Recommendation
Mitigate the risk of weak passwords by implementing strong password policies. Enforce password length, complexity, uniqueness, and regular password changes. Consider augmenting with additional authentication controls like two-factor authentication for enhanced security. Regularly educate users about password best practices and provide tools for generating and managing strong passwords. For comprehensive guidance, refer to OWASP’s recommendations on Testing for Weak Password Policy.
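The following server-side check is an added example, not code from the original page; it implements the controls the recommendation lists (minimum length, character-class complexity, rejection of well-known weak passwords, and uniqueness against the user's own password history). The denylist, thresholds and sample values are constructed assumptions for illustration.

```python
# Added example: a minimal password-policy validator. The denylist and the
# thresholds below are constructed assumptions, not values from the page.
import hashlib
import hmac
import os

# Constructed denylist; production code would use a large breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "admin123"}

MIN_LENGTH = 12
MIN_CHAR_CLASSES = 3   # out of: lowercase, uppercase, digit, symbol
HISTORY_DEPTH = 5      # number of previous passwords that may not be reused


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage in the history."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def char_classes(password):
    """Count how many of the four character classes the password uses."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes)


def validate_password(password, username, history):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if char_classes(password) < MIN_CHAR_CLASSES:
        problems.append(f"fewer than {MIN_CHAR_CLASSES} character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password denylist")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    # Uniqueness: re-derive the hash with each stored salt and compare in constant time.
    for salt, old_digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, old_digest):
            problems.append("reused a previous password")
            break
    return problems
```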
References
- CWE-521
- NCSC: Password Guidance: Simplifying Your Approach
- NIST Special Publication 800-63B: Digital Identity Guidelines
- OWASP 2021-A7
- OWASP: Brute Force Attack
- OWASP: Testing for Weak Password Policy
Last updated on May 13, 2024