This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.
| ID | Name | Description |
|---|---|---|
| CWE-262 | Not Using Password Aging | The product does not have a mechanism in place for managing password aging. |
| CWE-263 | Password Aging with Long Expiration | The product supports password aging, but the expiration period is too long. |
| CWE-521 | Weak Password Requirements | The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. |
| CWE-556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. |
| CWE-613 | Insufficient Session Expiration | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
| CWE-645 | Overly Restrictive Account Lockout Mechanism | The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
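CWE-613 in the table above is about old session credentials staying usable. As an added example (not CWE or WASC text), the session store below enforces both an idle timeout and an absolute timeout, purges expired IDs so a replayed ID cannot authorize, and supports revoking every session of a user. The timeouts, the in-memory store, the `FakeClock` and the `demo()` scenario are illustrative assumptions; a deployment would keep the same checks over a server-side store.

```python
"""Session expiration enforcement (CWE-613).

Added example, not CWE text. Assumes an in-memory store and an injectable
clock so the timeouts can be exercised without waiting.
"""
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60          # seconds without activity before the session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # seconds since login after which it dies regardless


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float
    revoked: bool = False


class SessionStore:
    def __init__(self, idle=IDLE_TIMEOUT, absolute=ABSOLUTE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self.idle = idle
        self.absolute = absolute
        self.clock = clock  # injectable for tests (an assumption of this example)

    def create(self, user):
        # 256 bits from the OS CSPRNG: the ID is unguessable, so expiry is the
        # only thing standing between an old ID and the account.
        sid = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[sid] = Session(user, now, now)
        return sid

    def validate(self, sid):
        """Return the user for a live session, or None. Expired IDs are purged
        so a later replay of the same ID cannot authorize anything."""
        s = self._sessions.get(sid)
        if s is None or s.revoked:
            return None
        now = self.clock()
        if now - s.created_at > self.absolute or now - s.last_seen > self.idle:
            del self._sessions[sid]
            return None
        s.last_seen = now  # sliding idle window; the absolute limit does not slide
        return s.user

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def revoke_all(self, user):
        """Kill every session for a user, e.g. on password change or admin reset."""
        for s in self._sessions.values():
            if s.user == user:
                s.revoked = True


class FakeClock:
    """Constructed test clock; advance .t to simulate elapsed time."""
    def __init__(self, t=1000.0):
        self.t = t

    def __call__(self):
        return self.t


def demo():
    """Constructed scenario: idle limit 60 s, absolute limit 300 s."""
    clock = FakeClock()
    store = SessionStore(idle=60, absolute=300, clock=clock)
    out = {}

    sid = store.create("alice")
    out["fresh"] = store.validate(sid)             # "alice"
    clock.t += 30
    out["active"] = store.validate(sid)            # "alice": 30 s idle < 60
    clock.t += 61
    out["idle_expired"] = store.validate(sid)      # None: 61 s idle > 60
    out["replayed"] = store.validate(sid)          # None: purged, replay fails

    sid = store.create("alice")
    for _ in range(6):                             # keep it active every 50 s
        clock.t += 50
        last = store.validate(sid)
    out["absolute_ok_at_300"] = last               # "alice": exactly 300 s since login
    clock.t += 50
    out["absolute_expired"] = store.validate(sid)  # None: 350 s > 300 despite activity

    sid = store.create("alice")
    store.revoke_all("alice")
    out["revoked"] = store.validate(sid)           # None
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The absolute limit is what closes the gap a sliding idle window leaves open: a stolen cookie kept warm by periodic requests would otherwise live forever.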
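CWE-645 in the table above describes a lockout that protects against guessing but hands an attacker a denial of service against any known username. As an added example (not CWE text), `StrictLockout` below has that shape, and `BackoffLockout` is one policy that still throttles online guessing without it: failures only count inside a sliding window, every lock is temporary and clears on its own, and each consecutive lock doubles in length up to a cap. The thresholds, the `FakeClock` and the `demo()` scenario are illustrative assumptions.

```python
"""Account lockout with and without the CWE-645 problem. Added example,
not CWE text; thresholds and the injectable clock are assumptions."""
import math
import time


class StrictLockout:
    """Three failures ever, then locked until an administrator intervenes.
    Anyone who knows a username can lock its owner out with three bad guesses."""
    MAX_FAILURES = 3

    def __init__(self):
        self._failures = {}
        self._locked = set()

    def is_locked(self, user):
        return user in self._locked

    def record_failure(self, user):
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= self.MAX_FAILURES:
            self._locked.add(user)

    def record_success(self, user):
        self._failures.pop(user, None)  # does not clear _locked: no self-recovery


class BackoffLockout:
    """Temporary, self-clearing lock whose duration grows with repeated abuse."""

    def __init__(self, threshold=5, window=600, base_lock=60, max_lock=900,
                 clock=time.time):
        self.threshold, self.window = threshold, window
        self.base_lock, self.max_lock = base_lock, max_lock
        self.clock = clock
        self._failures = {}    # user -> failure timestamps inside the window
        self._lock_until = {}  # user -> time the current lock ends
        self._lock_count = {}  # user -> consecutive locks since last success

    def seconds_until_unlocked(self, user):
        return max(0, math.ceil(self._lock_until.get(user, 0) - self.clock()))

    def is_locked(self, user):
        return self.seconds_until_unlocked(user) > 0

    def record_failure(self, user):
        """Call after a failed password check (check is_locked before the
        password check). Returns the lock length in seconds, 0 if none."""
        if self.is_locked(user):
            return self.seconds_until_unlocked(user)  # a lock is never extended
        now = self.clock()
        recent = [t for t in self._failures.get(user, []) if now - t <= self.window]
        recent.append(now)
        if len(recent) < self.threshold:
            self._failures[user] = recent
            return 0
        n = self._lock_count[user] = self._lock_count.get(user, 0) + 1
        duration = min(self.base_lock * 2 ** (n - 1), self.max_lock)
        self._lock_until[user] = now + duration
        self._failures[user] = []
        return duration

    def record_success(self, user):
        for table in (self._failures, self._lock_until, self._lock_count):
            table.pop(user, None)


class FakeClock:
    """Constructed test clock; advance .t to simulate elapsed time."""
    def __init__(self, t=1000.0):
        self.t = t

    def __call__(self):
        return self.t


def demo():
    """Constructed scenario: threshold 3, window 600 s, locks 60 s doubling to 240 s."""
    clock, out = FakeClock(), {}

    strict = StrictLockout()
    for _ in range(3):
        strict.record_failure("bob")       # attacker: three guesses, no password needed
    strict.record_success("bob")           # owner's correct password changes nothing
    out["strict_locked_forever"] = strict.is_locked("bob")    # True

    soft = BackoffLockout(threshold=3, window=600, base_lock=60, max_lock=240, clock=clock)
    for _ in range(3):
        soft.record_failure("bob")
    out["first_lock"] = soft.seconds_until_unlocked("bob")    # 60
    clock.t += 60
    out["auto_unlocked"] = soft.is_locked("bob")              # False
    for _ in range(3):
        soft.record_failure("bob")
    out["second_lock"] = soft.seconds_until_unlocked("bob")   # 120
    clock.t += 120
    for _ in range(3):
        soft.record_failure("bob")
    out["third_lock"] = soft.seconds_until_unlocked("bob")    # 240, the cap
    clock.t += 240
    soft.record_success("bob")                                # owner logs in
    for _ in range(3):
        soft.record_failure("bob")
    out["after_success"] = soft.seconds_until_unlocked("bob") # 60: backoff reset
    clock.t += 60
    soft.record_success("bob")
    for _ in range(3):                     # failures wider apart than the window
        clock.t += 601
        soft.record_failure("bob")
    out["spread_out"] = soft.is_locked("bob")                 # False
    return out
```

With these parameters an attacker gets at most three guesses per lock period, so the policy still defeats online guessing, while the account owner is never locked out for longer than the cap and regains full access after one successful login.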