Credentials Management Errors

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the management of credentials.

Weaknesses

Missing Password Field Masking

The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Not Using Password Aging

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

Password Aging with Long Expiration

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Password in Configuration File

The software stores a password in a configuration file that might be accessible to actors who do not know the password.

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypte...

Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac...

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exte...

Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking a...

Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

Weak Password Recovery Mechanism for Forgotten Password

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Concepts

Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.