Allowing password aging
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 01/22/2009
If a system cannot enforce password aging, the integrity of its passwords diminishes over time.
- Authentication: As passwords age, the probability that they are compromised grows.
- Design: Support for password aging mechanisms must be added in the design phase of development.
- Languages: All
- Operating platforms: All
Likelihood of exploit
Just as neglecting to include functionality for managing password aging is dangerous, so is allowing passwords to age unchecked. Passwords must be given a maximum life span, after which the user is required to replace the password with a new and different one.
- A common example is having no process to terminate the accounts of former employees.
- Having no mechanism that forces passwords to be changed after a defined period.
- Design: Ensure that password aging is limited: define a maximum age for passwords, and notify the user several times in the period leading up to the password's expiration.
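As an added illustration (not part of the OWASP page), this Python sketch applies the design control above: a fixed maximum password age, reminders at several points before expiry, a forced change once the password has expired, and a dormancy flag for accounts that are no longer used (the former-employee example). The policy values and sample accounts are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
# Policy values below are assumptions for this example, not taken from the page.
MAX_PASSWORD_AGE_DAYS = 90               # maximum life span of a password
WARN_BEFORE_EXPIRY_DAYS = (14, 7, 3, 1)  # remind the user at each of these points
DORMANT_ACCOUNT_DAYS = 60                # no login for this long => hold for review

@dataclass
class Account:
    username: str
    password_set_on: date
    last_login_on: date

def days_until_password_expiry(acct: Account, today: date) -> int:
    """Days left before the password hits its maximum age (negative once expired)."""
    return (acct.password_set_on + timedelta(days=MAX_PASSWORD_AGE_DAYS) - today).days

def password_status(acct: Account, today: date) -> str:
    """'expired' forces a change at next login; 'warn' means a reminder is due today."""
    remaining = days_until_password_expiry(acct, today)
    if remaining <= 0:
        return "expired"
    return "warn" if remaining in WARN_BEFORE_EXPIRY_DAYS else "ok"

def account_is_dormant(acct: Account, today: date) -> bool:
    """Unused accounts (e.g. a departed employee's) are held rather than left open."""
    return (today - acct.last_login_on).days >= DORMANT_ACCOUNT_DAYS

def login_decision(acct: Account, today: date) -> str:
    """Dormancy is checked first; an expired password may only be used to set a new one."""
    if account_is_dormant(acct, today):
        return "deny: dormant account, administrator review required"
    status = password_status(acct, today)
    if status == "expired":
        return "change-required: password has reached its maximum age"
    if status == "warn":
        return f"allow: password expires in {days_until_password_expiry(acct, today)} day(s)"
    return "allow"

def demo_decisions() -> dict:
    """Run the policy over constructed sample accounts as of a fixed date."""
    today = date(2024, 6, 1)
    samples = [
        Account("alice", date(2024, 5, 1), date(2024, 5, 31)),   # 59 days left
        Account("bob", date(2024, 3, 10), date(2024, 5, 31)),    # 7 days left
        Account("carol", date(2024, 2, 1), date(2024, 5, 31)),   # expired 31 days ago
        Account("dave", date(2024, 5, 1), date(2024, 3, 1)),     # no login for 92 days
    ]
    return {a.username: login_decision(a, today) for a in samples}
```

In practice the reminders come from a scheduled job that calls password_status for every account, not only from the login path, so users who log in rarely are still notified.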
Related Technical Impacts