Empty String Password

Revision as of 11:39, 9 June 2006 by Weilin Zhong (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Empty string password allows attackers that obtain the cooresponding user name, which is normally public or easily guessable, to log in to the application. This also makes a brute-force attack much easier, in which an attacker only needs to guess the right user name in order to get in.


Related Threats

Attackers try to obtain a log in account of the application.

Related Attacks

Related Vulnerabilities

Related Countermeasures

Category:Authentication Strong Password Policy


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.