Weak Password

Impact: High


The application does not enforce strong passwords, which makes it easier for attackers to guess users’ passwords.


There are two ways to mitigate the risk of easily guessed passwords leading to unauthorized access: introduce additional authentication controls (i.e. two-factor authentication) or introduce a strong password policy. The simplest and cheapest of these is a strong password policy that enforces rules on password length, complexity, reuse and aging, although ideally both should be implemented.

Reference: OWASP
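One way to enforce the four policy dimensions named above (length, complexity, reuse, aging) on a password change, as an added example that is not code from SmartScanner or OWASP. The thresholds and the function names `hash_password`, `check_new_password` and `is_expired` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

# Assumed policy values (not from the page); set them to your own standard.
MIN_LENGTH = 12                  # minimum password length
MIN_CLASSES = 3                  # of: lowercase, uppercase, digit, symbol
HISTORY_DEPTH = 5                # previous passwords that may not be reused
MAX_AGE = timedelta(days=365)    # aging limit
PBKDF2_ROUNDS = 600_000

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-password salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def check_new_password(password, history):
    """Return the list of violated rules; an empty list means accepted.

    history holds (salt, digest) pairs of earlier passwords, so reuse is
    detected without ever storing an old password in clear text.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append("complexity")
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash the candidate with each stored salt, compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("reuse")
            break
    return problems

def is_expired(last_changed, now=None):
    """True when the password is older than MAX_AGE and must be changed."""
    now = now or datetime.now(timezone.utc)
    return now - last_changed > MAX_AGE
```

Run `check_new_password` server-side on every password set or reset, and `is_expired` at login to force a change.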


Last updated on February 15, 2021

This issue is available in SmartScanner Professional