Difference between revisions of "Allowing password aging"

[[Category:Password Management Vulnerability]]
[[Category:Authentication Vulnerability]]

Revision as of 13:19, 7 August 2006

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Description

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Consequences

  • Authentication: As passwords age, the probability that they are compromised grows.

Exposure period

  • Design: Support for password aging mechanisms must be added in the design phase of development.

Platform

  • Languages: All
  • Operating platforms: All

Required resources




Likelihood of exploit

Very Low

Avoidance and mitigation

  • Design: Ensure that password aging is bounded: define a maximum age for passwords, and notify the user several times in the lead-up to password expiration.

Discussion

Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which the user is required to set a new and different password.

Examples

  • A common example is not having a system to terminate old employee accounts.
  • Not having a system that enforces a password change at a defined interval.
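The following is an added example, not code from the original page, showing how the mitigation above (a defined maximum password age plus repeated expiry notices) and the two examples (stale employee accounts, no enforced change interval) can be implemented as a single login-time policy check. The policy values, the `AgingPolicy` and `Account` types, and the sample accounts are all constructed for illustration.

```python
"""Password aging policy check: maximum password age, repeated expiry
warnings, and locking of accounts that have gone unused.

Hypothetical example; the policy numbers, data types and sample accounts
below are constructed for illustration, not taken from any real system."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

DAY = timedelta(days=1)


@dataclass(frozen=True)
class AgingPolicy:
    max_age_days: int = 90            # hard limit on a password's life span
    warn_days: tuple = (14, 7, 3, 1)  # days-before-expiry marks at which to notify
    inactive_days: int = 180          # lock accounts unused this long (e.g. departed staff)


@dataclass(frozen=True)
class Account:
    user: str
    password_changed: datetime
    last_login: datetime
    disabled: bool = False


def days_until_expiry(changed: datetime, now: datetime, policy: AgingPolicy) -> int:
    """Whole days left before the password reaches max_age_days (<= 0 means expired)."""
    remaining = changed + policy.max_age_days * DAY - now
    return math.ceil(remaining / DAY)


def warning_tier(days_left: int, policy: AgingPolicy):
    """The notice mark (in days) that applies now, or None if no warning is due yet.
    Evaluated on each login, a fresh notice is produced as each mark is crossed,
    which gives the user several warnings before the password expires."""
    if days_left <= 0:
        return None
    due = [d for d in policy.warn_days if days_left <= d]
    return min(due) if due else None


def evaluate_account(account: Account, now: datetime, policy: AgingPolicy = AgingPolicy()):
    """Decide what happens at login time. Returns (action, days_left).

    Order matters: an account that has been idle past the inactivity limit is
    locked before its password age is even considered, so a stale employee
    account cannot keep working just because its password is still 'fresh'."""
    if account.disabled:
        return ("deny", None)
    if now - account.last_login >= policy.inactive_days * DAY:
        return ("lock_inactive", None)
    days_left = days_until_expiry(account.password_changed, now, policy)
    if days_left <= 0:
        # Maximum age reached: the user must set a new, different password now.
        return ("force_change", days_left)
    if warning_tier(days_left, policy) is not None:
        return ("allow_warn", days_left)
    return ("allow", days_left)


# Constructed sample data, evaluated at a fixed instant so results are deterministic.
NOW = datetime(2006, 8, 7, 13, 19, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    Account("alice", NOW - 30 * DAY, NOW - 1 * DAY),     # healthy
    Account("bob", NOW - 85 * DAY, NOW - 2 * DAY),       # 5 days left: warn
    Account("carol", NOW - 100 * DAY, NOW - 3 * DAY),    # past max age: force change
    Account("dave", NOW - 10 * DAY, NOW - 200 * DAY),    # unused 200 days: lock
]


def audit(accounts=SAMPLE_ACCOUNTS, now=NOW, policy=AgingPolicy()):
    """Run the check over a set of accounts; returns {user: (action, days_left)}."""
    return {a.user: evaluate_account(a, now, policy) for a in accounts}


if __name__ == "__main__":
    for user, (action, days_left) in audit().items():
        print(f"{user:6} -> {action:14} days_left={days_left}")
```

Running the block prints one line per sample account. The inactivity check sits ahead of the age check on purpose: terminating or locking an unused account is the page's first example, and it should not be bypassed by a recently rotated password.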

Related problems