Password Aging with Long Expiration
ID: 263 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
Allowing password aging to occur unchecked can result in the
possibility of diminished password integrity.
Extended Description
Just as neglecting to include functionality for the management of password
aging is dangerous, so is allowing password aging to continue unchecked.
Passwords must be given a maximum life span, after which a user is required
to update with a new and different password.
Likelihood of Exploit: Very Low
Applicable Platforms
Language Class: All
Time Of Introduction
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Access Control | Gain privileges / assume identity | As passwords age, the probability that they are compromised grows. |
Detection Methods: None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Architecture and Design | | Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration. | | |
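As an added illustration of the mitigation above (this is not part of the CWE record), the following Python sketch applies a defined maximum password age and a reminder schedule to a set of constructed accounts; the AgingPolicy class, the password_state and due_reminders functions and the sample dates are all assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class AgingPolicy:
    """Hypothetical policy: a defined maximum age plus reminder
    thresholds expressed as days-before-expiry (the CWE-263 mitigation)."""
    max_age_days: int = 90
    reminder_days: tuple = (14, 7, 3, 1)


def password_state(last_changed: date, today: date, policy: AgingPolicy) -> dict:
    """Classify one password by age: 'ok', 'expiring' (inside the reminder
    window) or 'expired' (past the maximum age; the user must change it)."""
    age = (today - last_changed).days
    if age < 0:
        raise ValueError("last_changed is in the future; check clock or record")
    days_left = policy.max_age_days - age
    if days_left <= 0:
        return {"status": "expired", "days_left": 0}
    status = "expiring" if days_left <= max(policy.reminder_days) else "ok"
    return {"status": status, "days_left": days_left}


def due_reminders(days_left: int, policy: AgingPolicy, already_sent: set) -> list:
    """Thresholds that have been crossed but not yet notified. Testing
    'crossed' (days_left <= threshold) rather than 'equal' means a user who
    logs in only occasionally still receives each reminder exactly once."""
    if days_left <= 0:
        return []
    return sorted((d for d in policy.reminder_days
                   if days_left <= d and d not in already_sent), reverse=True)


# Constructed sample data: three accounts audited on the same day.
POLICY = AgingPolicy()
TODAY = date(2022, 10, 10)
ACCOUNTS = {
    "alice": date(2022, 9, 1),   # 39 days old  -> ok
    "bob":   date(2022, 7, 20),  # 82 days old  -> expiring, 8 days left
    "carol": date(2022, 6, 1),   # 131 days old -> expired
}


def audit(accounts=ACCOUNTS, today=TODAY, policy=POLICY) -> dict:
    """Evaluate every account; returns {name: state} for reporting."""
    return {name: password_state(changed, today, policy)
            for name, changed in accounts.items()}


if __name__ == "__main__":
    for name, state in audit().items():
        print(f"{name:6} {state['status']:9} days_left={state['days_left']}")
```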
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-263 ChildOf CWE-898 | Category | CWE-888 | |
Demonstrative Examples (Details)
- A common example is not having a system to terminate old employee
accounts.
- Not having a system that enforces a password change after a set period.
White Box Definitions: None
Black Box Definitions: None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
CLASP | | Allowing password aging | |
References:
- Michael Howard, David LeBlanc, John Viega. 24 Deadly Sins of Software Security. McGraw-Hill, 2010. Section: "Sin 19: Use of Weak Password-Based Systems", page 279.