Difference between revisions of "Not allowing password aging"

m (Reverted edits by LacaaCmono (Talk) to last version by KirstenS)

Latest revision as of 13:42, 26 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009



If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.


  • Authentication: As passwords age, the probability that they are compromised grows.

Exposure period

  • Design: Support for password aging mechanisms must be added in the design phase of development.


  • Languages: All
  • Operating platforms: All

Required resources




Likelihood of exploit

Very Low

The recommendation that users change their passwords regularly and do not reuse passwords is universal among security experts. In order to enforce this, it is useful to have a mechanism that notifies users when passwords are considered old and that requests that they replace them with new, strong passwords.

For this functionality to be useful, however, it must be accompanied by documentation that stresses how important this practice is and that makes the entire process as simple as possible for the user.

Risk Factors



  • A common example is not having a system to terminate old employee accounts.
  • Not having a system that enforces password changes at a set interval.

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Ensure that password aging functionality is added to the design of the system, including an alert before the password is considered obsolete, useful information for the user on the importance of password renewal, and the method for renewing it.
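A sketch of the aging check described in this control, as an added example that is not part of the original article. The 90-day maximum age, the 14-day warning window and all names (`Account`, `aging_status`, `login_action`) are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values; the article does not prescribe any.
MAX_AGE = timedelta(days=90)
WARN_WINDOW = timedelta(days=14)

@dataclass
class Account:
    user: str
    password_changed_at: Optional[datetime]  # None = change time never recorded

def aging_status(acct, now, max_age=MAX_AGE, warn=WARN_WINDOW):
    """Return (state, days_left); state is 'ok', 'warn' or 'expired'."""
    changed = acct.password_changed_at
    # Fail closed: a missing or future timestamp cannot prove the password is fresh.
    if changed is None or changed > now:
        return ("expired", 0)
    remaining = (changed + max_age) - now
    if remaining <= timedelta(0):
        return ("expired", 0)
    days_left = math.ceil(remaining / timedelta(days=1))  # round partial days up
    return ("warn" if remaining <= warn else "ok", days_left)

def login_action(acct, now):
    """Map the aging state to what the login flow should do."""
    state, days_left = aging_status(acct, now)
    if state == "expired":
        return "force password change before granting a session"
    if state == "warn":
        return f"allow login; notify: password expires in {days_left} day(s)"
    return "allow login"

# Constructed sample accounts, evaluated at a fixed reference time.
NOW = datetime(2009, 5, 26, 13, 42, tzinfo=timezone.utc)
SAMPLE = [
    Account("alice", NOW - timedelta(days=10)),   # recently changed
    Account("bob", NOW - timedelta(days=80)),     # inside the warning window
    Account("carol", NOW - timedelta(days=200)),  # long expired
    Account("dave", None),                        # no recorded change time
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a.user, "->", login_action(a, NOW))
```

Accounts with no recorded change time are treated as expired, so records that predate the aging mechanism are brought under the policy at their next login.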

Related Technical Impacts

