SFP Secondary Cluster: Insecure Authentication Policy

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.

Weaknesses

ASP.NET Misconfiguration: Use of Identity Impersonation

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Not Using Password Aging

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

Overly Restrictive Account Lockout Mechanism

The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny ser...

Password Aging with Long Expiration

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.