Difference between revisions of "Allowing password aging"

From OWASP
(19 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 +
{{Template:Vulnerability}}
 +
{{Template:SecureSoftware}}
 +
<br>
  
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
{{Template:SecureSoftware}}
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
 
+
==Overview==
+
  
 +
==Description==
 
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
 
Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
  
==Consequences ==
+
'''Consequences'''
  
 
* Authentication: As passwords age, the probability that they are compromised grows.
 
* Authentication: As passwords age, the probability that they are compromised grows.
  
==Exposure period ==
+
'''Exposure period'''
  
 
* Design: Support for password aging mechanisms must be added in the design phase of development.
 
* Design: Support for password aging mechanisms must be added in the design phase of development.
  
==Platform ==
+
'''Platform'''
  
 
* Languages: All
 
* Languages: All
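Review bot: the added ==Overview== heading has no body text and will render as an empty section directly above ==Description==; either give it a one-sentence summary of the weakness (the Description line "Allowing password aging to occur unchecked can result in the possibility of diminished password integrity." would serve) or drop the heading until there is content. Demoting the existing Consequences, Exposure period and Platform headings to '''bold''' lines under the new ASDR headings is consistent across this hunk, so no change needed there.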
Line 21: Line 24:
 
* Operating platforms: All  
 
* Operating platforms: All  
  
==Required resources ==
+
'''Required resources'''
  
 
Any
 
Any
  
==Severity ==
+
'''Severity'''
  
 
Medium
 
Medium
  
==Likelihood  of exploit ==
+
'''Likelihood  of exploit'''
  
 
Very Low
 
Very Low
  
==Avoidance and mitigation ==
+
Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.
  
* Design: Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.
+
==Risk Factors==
 +
TBD
  
==Discussion ==
+
==Examples==
 +
* A common example is not having a system to terminate old employee accounts.
 +
* Not having a system for enforcing the changing of passwords every certain period.
  
Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.
+
==Related [[Attacks]]==
 +
* [[Attack 1]]
 +
* [[Attack 2]]
 +
TBD
  
==Examples ==
+
==Related [[Vulnerabilities]]==
 +
* [[Not allowing password aging]]
  
* A common example is not having a system to terminate old employee accounts.
+
==Related [[Controls]]==
 +
* [[Control 1]]
 +
* [[Control 2]]
 +
* Design: Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.
  
* Not having a system for enforcing the changing of passwords every certain period.
+
==Related [[Technical Impacts]]==
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
  
==Related problems ==
+
==References==
 +
TBD
  
* Not allowing for password aging
+
__NOTOC__
 
+
==Categories ==
+
  
 
[[Category:Vulnerability]]
 
[[Category:Vulnerability]]
 
+
[[Category:Password Management Vulnerability]]
[[Category:Protocol Errors]]
+
[[Category:Authentication Vulnerability]]
 +
[[Category:OWASP_CLASP_Project]]
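Review bot: the mitigation paragraph ("Just as neglecting to include functionality for the management of password aging is dangerous, ...") loses its ==Avoidance and mitigation == heading in this hunk and ends up as an unlabeled paragraph between Likelihood of exploit and ==Risk Factors==; keep a '''Avoidance and mitigation''' bold line above it, matching the other demoted subheadings, or move the paragraph under ==Related [[Controls]]== next to the Design bullet it belongs with. The new Related [[Attacks]], Related [[Controls]] and Related [[Technical Impacts]] sections also still carry the template placeholders [[Attack 1]], [[Attack 2]], [[Control 1]], [[Control 2]], [[Technical Impact 1]] and [[Technical Impact 2]]; replace them with real links or leave only TBD so the placeholders do not publish.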

Latest revision as of 19:11, 20 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 02/20/2009

Vulnerabilities Table of Contents

Description

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Consequences

  • Authentication: As passwords age, the probability that they are compromised grows.

Exposure period

  • Design: Support for password aging mechanisms must be added in the design phase of development.

Platform

  • Languages: All
  • Operating platforms: All

Required resources

Any

Severity

Medium

Likelihood of exploit

Very Low

Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.

Risk Factors

TBD

Examples

  • A common example is not having a system to terminate old employee accounts.
  • Not having a system that enforces a password change at a defined interval.

Related Attacks

TBD

Related Vulnerabilities

  • Not allowing password aging
Related Controls

  • Control 1
  • Control 2
  • Design: Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.
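One way to implement the Design control above (a defined maximum password age, repeated warnings before expiry, and a rotation that refuses to re-use the current password), as an added example that is not part of the OWASP page; the policy values, function names and the in-memory account record layout are assumptions made for the example:

```python
import hashlib
import hmac
import os
from datetime import date, timedelta
from typing import Optional, Tuple

# Assumed policy values for this example; a deployment sets its own.
MAX_PASSWORD_AGE_DAYS = 90      # the defined maximum age after which a change is forced
WARNING_WINDOW_DAYS = 14        # every login within this window reminds the user


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). A fresh salt is drawn if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def password_status(last_changed: str, today: str,
                    max_age_days: int = MAX_PASSWORD_AGE_DAYS,
                    warning_window_days: int = WARNING_WINDOW_DAYS) -> Tuple[str, int]:
    """Classify a password by age from ISO dates.

    Returns ("expired", 0) once the maximum age is reached, ("warn", days_left)
    on every check inside the warning window so the user is notified several
    times before expiry, and ("ok", days_left) otherwise.
    """
    changed, now = date.fromisoformat(last_changed), date.fromisoformat(today)
    days_left = (changed + timedelta(days=max_age_days) - now).days
    if days_left <= 0:
        return "expired", 0
    if days_left <= warning_window_days:
        return "warn", days_left
    return "ok", days_left


def change_password(record: dict, new_password: str, today: str) -> bool:
    """Rotate the password only if it differs from the current one.

    `record` is a constructed in-memory account record:
    {"salt": bytes, "hash": bytes, "last_changed": "YYYY-MM-DD"}.
    The candidate is hashed with the stored salt and compared in constant time,
    so the plaintext of the old password is never needed.
    """
    _, candidate = hash_password(new_password, record["salt"])
    if hmac.compare_digest(candidate, record["hash"]):
        return False                      # same password re-used: rotation rejected
    record["salt"], record["hash"] = hash_password(new_password)
    record["last_changed"] = today        # age counter restarts only on a real change
    return True
```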

Related Technical Impacts

References

TBD