Empty String Password

Description
Empty string password allows attackers that obtain the cooresponding user name, which is normally public or easily guessable, to log in to the application. This also makes a brute-force attack much easier, in which an attacker only needs to guess the right user name in order to get in.

Related Threats
Attackers try to obtain a log in account of the application.

Related Attacks

 * Brute-force Attack against application log in interface.

Related Vulnerabilities

 * Weak Passwords

Related Countermeasures
Category:Authentication Strong Password Policy