SFP Secondary Cluster: Insecure Authentication Policy
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
The product does not have a mechanism in place for managing password aging.
The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny serv...
The product supports password aging, but the expiration period is too long.
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).