Empty Password in Configuration File

Weakness ID: 258 (Weakness Variant) | Status: Incomplete

Passwords should be at least eight characters long -- the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. However, do not use "similar-looking" punctuation. For example, it is not a good idea to change cat to c@t, ca+, (@+, or anything similar. Finally, it is never appropriate to use an empty string as a password.
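
A check for this weakness, added here as an example and not part of the CWE entry: it scans INI-style configuration text for credential keys whose value is missing, whitespace-only, or an empty quoted string. The key-name pattern and the sample configuration are assumptions constructed for illustration.

```python
import configparser
import re

# Key names treated as credentials (assumed list; extend for your environment).
SECRET_KEY = re.compile(r"(pass(word|wd|phrase)?|pwd|secret)$", re.IGNORECASE)

# Constructed sample configuration, not taken from any real product.
SAMPLE_CONFIG = """\
[database]
user = app
password =

[ldap]
bind_dn = cn=svc,dc=example,dc=test
bind_password = ""

[smtp]
user = mailer
smtp_pwd = '   '

[cache]
password = ${CACHE_PASSWORD}

[admin]
password
"""

def find_empty_passwords(text):
    """Return sorted (section, key) pairs whose credential value is empty."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if not SECRET_KEY.search(key):
                continue
            # A bare key parses as None. Otherwise strip whitespace and
            # quotes so that "" and '   ' are also treated as empty.
            normalized = "" if value is None else value.strip().strip("'\"").strip()
            if normalized == "":
                findings.append((section, key))
    return sorted(findings)

if __name__ == "__main__":
    for section, key in find_empty_passwords(SAMPLE_CONFIG):
        print(f"empty password: [{section}] {key}")
```

The placeholder `${CACHE_PASSWORD}` is not flagged because the file itself holds a non-empty value; whether the variable is set at runtime needs a separate check.
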
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 254 | Security Features | Seven Pernicious Kingdoms (primary) 700 |
ChildOf | Weakness Variant | 260 | Password in Configuration File | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Weakness Base | 521 | Weak Password Requirements | Research Concepts 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
7 Pernicious Kingdoms | | | Password Management: Empty Password in Configuration File |

J. Viega and G. McGraw. "Building Secure Software: How to Avoid Security Problems the Right Way". 2002.

Submissions

Submission Date | Submitter | Organization | Source | |
---|---|---|---|---|
 | 7 Pernicious Kingdoms | | Externally Mined | |

Modifications

Modification Date | Modifier | Organization | Source | |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Taxonomy Mappings, Weakness Ordinalities |
2009-10-29 | CWE Content Team | MITRE | Internal | updated Other Notes, Potential Mitigations |