SFP Secondary Cluster: Insecure Authentication Policy

A category in the Common Weakness Enumeration published by The MITRE Corporation.

  • Source

    CWE Catalog - 4.14

  • Identifier

    CWE-951

  • Status

    Incomplete

Contents

Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.

Weaknesses

ASP.NET Misconfiguration: Use of Identity Impersonation

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Not Using Password Aging

The product does not have a mechanism in place for managing password aging.

Overly Restrictive Account Lockout Mechanism

The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny serv...

Password Aging with Long Expiration

The product supports password aging, but the expiration period is too long.

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.