Weak Password
Impact: High
Description
The application does not enforce the use of strong passwords, which makes it easier for attackers to guess users' passwords.
Recommendation
To mitigate the risk of easily guessed passwords facilitating unauthorized access there are two solutions: introduce additional authentication controls (e.g. two-factor authentication) or introduce a strong password policy. The simplest and cheapest of these is the introduction of a strong password policy that ensures password length, complexity, reuse and aging; although ideally both should be implemented.
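The following checker covers the four controls the recommendation names (length, complexity, reuse and aging). It is an added illustration, not code from the original advisory; the PBKDF2 round count, the policy thresholds and the reuse of one per-user salt across history entries are assumptions chosen to keep the example short.

```python
import hashlib
import os
import re
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 200_000  # constructed example value; tune to your hardware


@dataclass
class PasswordPolicy:
    min_length: int = 12    # length
    min_classes: int = 3    # complexity: lower/upper/digit/symbol classes present
    history_size: int = 5   # reuse: this many previous passwords are rejected
    max_age_days: int = 90  # aging: force a change after this many days


@dataclass
class UserPasswordState:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)  # newest hash first
    changed_at: float = 0.0                      # epoch seconds of last change


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def complexity_classes(password: str) -> int:
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    return sum(1 for pattern in classes if re.search(pattern, password))


def validate_new_password(password: str, state: UserPasswordState, policy: PasswordPolicy) -> list:
    # Returns the list of violations; an empty list means the password is acceptable.
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if complexity_classes(password) < policy.min_classes:
        problems.append(f"uses fewer than {policy.min_classes} character classes")
    digest = _hash(password, state.salt)
    if digest in state.history[:policy.history_size]:
        problems.append(f"matches one of the last {policy.history_size} passwords")
    return problems


def set_password(password: str, state: UserPasswordState, policy: PasswordPolicy, now: float) -> list:
    problems = validate_new_password(password, state, policy)
    if not problems:
        state.history.insert(0, _hash(password, state.salt))
        state.changed_at = now
    return problems


def password_expired(state: UserPasswordState, policy: PasswordPolicy, now: float) -> bool:
    # Aging check: True once the password is older than max_age_days.
    return now - state.changed_at > policy.max_age_days * 86400
```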
References
- OWASP: Testing for Weak Password Policy
- OWASP: Brute Force Attack
- OWASP 2017-A2
- OWASP 2021-A7
- CWE-521
Last updated on February 15, 2021