CWE-309: Use of Password System for Primary Authentication
Abstraction: Base. Status: Draft. Recent CVEs: 0
Description
The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.
Common consequences
- Access Control: Bypass Protection Mechanism; Gain Privileges or Assume Identity. An error in the password authentication mechanism will almost always result in attackers being authorized as valid users.
Potential mitigations
- Architecture and Design: Use a zero-knowledge password protocol, such as SRP.
- Architecture and Design: Ensure that passwords are stored safely and are not reversible.
- Architecture and Design: Implement password aging functionality that requires that passwords be changed after a certain point.
- Architecture and Design: Use a mechanism for determining the strength of a password and notify the user when a weak password is used.
- Architecture and Design: Inform the user of why password protections are in place, how they work to protect data integrity, and why it is important to heed their warnings.
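The following is an added example, not part of the CWE entry or any MITRE reference code, showing three of the mitigations above in working form: non-reversible password storage (salted scrypt via the standard library, compared in constant time), a password-age check, and a simple strength check that reports why a password is weak. The scrypt cost parameters, the 90-day maximum age and the tiny common-password list are assumptions chosen for illustration; a deployment would tune the cost to its hardware and use a full breached-password list. The zero-knowledge protocol mitigation (SRP) is a multi-message exchange and is not shown here.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import List, Optional

# Assumed scrypt cost parameters: 128 * r * N bytes of memory (16 MiB here).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32

# Assumed aging policy: passwords older than 90 days must be changed.
MAX_PASSWORD_AGE_SECONDS = 90 * 24 * 3600

# Constructed, deliberately tiny stand-in for a breached/common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


@dataclass
class StoredCredential:
    """What the verifier keeps: a per-user random salt, the scrypt output and
    the time the password was set. The password itself is never stored."""
    salt: bytes
    digest: bytes
    created_at: float


def _derive(password: str, salt: bytes) -> bytes:
    # scrypt is memory-hard, so offline guessing is expensive; the salt makes
    # identical passwords across users produce different digests.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)


def hash_password(password: str, now: Optional[float] = None) -> StoredCredential:
    """Create the non-reversible record to persist for a new or changed password."""
    salt = os.urandom(16)
    return StoredCredential(salt, _derive(password, salt),
                            time.time() if now is None else now)


def verify_password(password: str, cred: StoredCredential) -> bool:
    """Re-derive with the stored salt and compare in constant time so that
    timing differences do not leak how many leading bytes matched."""
    return hmac.compare_digest(_derive(password, cred.salt), cred.digest)


def password_is_expired(cred: StoredCredential, now: Optional[float] = None) -> bool:
    """Aging check: True once the password is older than the policy allows."""
    current = time.time() if now is None else now
    return (current - cred.created_at) > MAX_PASSWORD_AGE_SECONDS


def password_weaknesses(password: str) -> List[str]:
    """Strength check that returns human-readable reasons, so the caller can
    tell the user *why* the password was rejected rather than just refusing it."""
    issues = []
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        issues.append("appears in the common-password list")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < 3:
        issues.append("uses fewer than 3 character classes")
    return issues


if __name__ == "__main__":
    cred = hash_password("correct horse battery staple")
    print("verify ok:", verify_password("correct horse battery staple", cred))
    print("verify wrong:", verify_password("wrong password", cred))
    print("expired now:", password_is_expired(cred))
    print("weaknesses of 'password':", password_weaknesses("password"))
```

The record returned by `hash_password` is the only thing that should reach the database; `verify_password` never needs the plaintext at rest, and because the salt is stored alongside the digest there is nothing to recover even if the table leaks, only something to guess against at scrypt cost per attempt.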