Description
Using an empty string as a password is insecure.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: High
Related Weaknesses
CWE-260
CWE-521
Consequences
Access Control: Gain Privileges or Assume Identity
Potential Mitigations
Phase: System Configuration
Description:
Passwords should be at least eight characters long — the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. However, do not use “similar-looking” punctuation. For example, it is not a good idea to change cat to c@t, ca+, (@+, or anything similar. Finally, it is never appropriate to use an empty string as a password.
CVE References
