SFP Secondary Cluster: Insecure Authentication Policy
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.
The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny ser...
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).