Password Aging with Long Expiration
Weakness ID: 263 (Weakness Base)
Status: Draft
+ Description

Description Summary

Allowing passwords to age without a defined limit diminishes password integrity.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope            Effect
Authentication   As passwords age, the probability that they are compromised grows.

+ Likelihood of Exploit

Very Low

+ Demonstrative Examples

Example 1

A common example is not having a system to terminate old employee accounts.

Example 2

Not having a system that enforces a password change at a defined interval.

+ Potential Mitigations

Phase: Architecture and Design

Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.

+ Other Notes

Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.
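The mitigation and the note above call for a defined maximum password age, several reminders before expiry, and a replacement that differs from the retired password. The following added example (not part of the CWE entry) implements that policy check; the 90-day maximum, the reminder schedule and the PBKDF2 parameters are assumed values:

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta

MAX_PASSWORD_AGE_DAYS = 90      # assumed policy: defined maximum password age
WARNING_DAYS = (14, 7, 3, 1)    # assumed policy: reminder points before expiry


@dataclass(frozen=True)
class PasswordStatus:
    state: str        # "ok", "warn" or "expired"
    days_left: int    # days until expiry; zero or negative once expired
    notify: bool      # True when a reminder is due today


def password_status(last_changed: date, today: date,
                    max_age_days: int = MAX_PASSWORD_AGE_DAYS,
                    warning_days=WARNING_DAYS) -> PasswordStatus:
    """Classify a password by age and decide whether to remind the user today."""
    expires_on = last_changed + timedelta(days=max_age_days)
    days_left = (expires_on - today).days
    if days_left <= 0:
        return PasswordStatus("expired", days_left, True)
    if days_left <= max(warning_days):
        # Inside the warning window; notify only on the scheduled reminder days.
        return PasswordStatus("warn", days_left, days_left in warning_days)
    return PasswordStatus("ok", days_left, False)


def login_allowed(status: PasswordStatus) -> bool:
    """Authentication rejects an expired password until a new one is set."""
    return status.state != "expired"


def hash_password(password: str, salt: bytes) -> bytes:
    # Illustrative verifier derivation; iteration count is an assumed value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def accept_new_password(new_password: str, old_salt: bytes, old_hash: bytes) -> bool:
    """The replacement must differ from the password it retires."""
    candidate = hash_password(new_password, old_salt)
    return not hmac.compare_digest(candidate, old_hash)
```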

+ Relationships
Nature    Type              ID    Name                                    View(s) this relationship pertains to
ChildOf   Category          255   Credentials Management                  Development Concepts (primary) 699
ChildOf   Weakness Base     404   Improper Resource Shutdown or Release   Research Concepts (primary) 1000
PeerOf    Weakness Variant  262   Not Using Password Aging                Research Concepts 1000
+ Taxonomy Mappings
Mapped Taxonomy Name   Node ID   Fit   Mapped Node Name
CLASP                                  Allowing password aging
+ Related Attack Patterns
(CAPEC Version: 1.4)
CAPEC-ID   Attack Pattern Name
16         Dictionary-based Password Attack
49         Password Brute Forcing
55         Rainbow Table Password Cracking
70         Try Common (default) Usernames and Passwords
+ Content History
Submissions
Submission Date   Submitter   Organization   Source
                  CLASP                      Externally Mined
Modifications
Modification Date   Modifier           Organization   Source
2008-09-08          CWE Content Team   MITRE          Internal
                    updated Common Consequences, Relationships, Other Notes, Taxonomy Mappings
Previous Entry Names
Change Date   Previous Entry Name
2008-04-11    Allowing Unchecked Password Aging