
Description

Allowing password aging to go unchecked, so that a password is never forced to expire, diminishes password integrity over time.

Just as failing to implement any management of password aging is dangerous, so is allowing passwords to age without limit. Passwords must be given a maximum lifespan, after which the user is required to replace the password with a new and different one.

Modes of Introduction:

– Architecture and Design


Likelihood of Exploit: Low


Related Weaknesses

CWE-287
CWE-404


Consequences

Access Control: Gain Privileges or Assume Identity

The longer a password stays in use, the greater the probability that it has been compromised (leaked, guessed, or captured) without its owner knowing, and the longer an attacker who holds it can keep using it.


Potential Mitigations

Phase: Architecture and Design

Description: 

Limit password aging: define a maximum age for passwords, enforce it at authentication time so that an expired password cannot be used to gain access, and notify the user several times in the period leading up to expiration so that the forced change does not come as a surprise.
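The following is an added example of that mitigation in code; it is not part of the CWE entry and not a reference implementation from any project. The 90-day maximum age and the 14/7/3/1-day reminder thresholds are assumptions chosen for illustration, as are the account names in the sample data. It also covers two cases the page only implies: an account with no recorded change date, and a change date in the future (clock skew or tampering), both of which are treated as requiring a reset rather than being silently allowed through. One caveat a practitioner should weigh: NIST SP 800-63B advises verifiers not to require periodic password changes absent evidence of compromise, so the maximum age chosen here should follow the organisation's own risk decision rather than be copied blindly.

```python
"""Password maximum-age enforcement with pre-expiry reminders (added example)."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Policy values are assumptions for this example; the CWE entry prescribes none.
MAX_PASSWORD_AGE = timedelta(days=90)
REMINDER_DAYS: Tuple[int, ...] = (14, 7, 3, 1)  # remind when this many days or fewer remain
ONE_DAY = timedelta(days=1)


@dataclass(frozen=True)
class AgingStatus:
    expired: bool                   # True: a new password is required before access is granted
    days_remaining: int             # whole days until expiry, rounded up; <= 0 once expired
    reminders_due: Tuple[int, ...]  # thresholds from REMINDER_DAYS that have been reached


def password_aging_status(last_changed: Optional[datetime], now: datetime,
                          max_age: timedelta = MAX_PASSWORD_AGE,
                          reminder_days: Tuple[int, ...] = REMINDER_DAYS) -> AgingStatus:
    """Decide whether a password has exceeded its maximum age and which reminders apply.

    last_changed: when the password was last set (timezone-aware), or None if unknown.
    now: the current time (timezone-aware), passed in so the check is deterministic.
    """
    if now.tzinfo is None or (last_changed is not None and last_changed.tzinfo is None):
        raise ValueError("timestamps must be timezone-aware")

    # No recorded change date (e.g. an account migrated from a system that never
    # enforced aging) or a change date in the future (clock skew or tampering):
    # neither can be trusted, so the conservative choice is to require a reset now.
    if last_changed is None or last_changed > now:
        return AgingStatus(expired=True, days_remaining=0, reminders_due=())

    remaining = (last_changed + max_age) - now
    expired = remaining <= timedelta(0)
    # Round partial days up so "0 days remaining" is only ever reported once expired.
    days_remaining = math.ceil(remaining / ONE_DAY)
    reminders = () if expired else tuple(d for d in reminder_days if days_remaining <= d)
    return AgingStatus(expired=expired, days_remaining=days_remaining, reminders_due=reminders)


def login_decision(username: str, last_changed: Optional[datetime], now: datetime) -> str:
    """What the login flow should do: 'change-required', 'warn' or 'allow'."""
    status = password_aging_status(last_changed, now)
    if status.expired:
        return "change-required"   # do not grant a session until the password is replaced
    if status.reminders_due:
        return "warn"              # grant the session but show the expiry reminder
    return "allow"


# Constructed sample data, not real accounts or real timestamps.
SAMPLE_SET_ON = datetime(2024, 1, 1, tzinfo=timezone.utc)


def demo() -> dict:
    """Run the policy over constructed sample times.

    Returns {label: (decision, days_remaining, reminders_due)}.
    """
    cases = {
        "day 9": SAMPLE_SET_ON + timedelta(days=9),
        "day 80": SAMPLE_SET_ON + timedelta(days=80),
        "day 89.5": SAMPLE_SET_ON + timedelta(days=89, hours=12),
        "day 90": SAMPLE_SET_ON + timedelta(days=90),
        "day 120": SAMPLE_SET_ON + timedelta(days=120),
    }
    out = {}
    for label, now in cases.items():
        s = password_aging_status(SAMPLE_SET_ON, now)
        out[label] = (login_decision("alice", SAMPLE_SET_ON, now), s.days_remaining, s.reminders_due)
    # Unknown and future-dated change timestamps both force a reset.
    s = password_aging_status(None, SAMPLE_SET_ON)
    out["unknown"] = (login_decision("bob", None, SAMPLE_SET_ON), s.days_remaining, s.reminders_due)
    s = password_aging_status(SAMPLE_SET_ON + ONE_DAY, SAMPLE_SET_ON)
    out["future"] = (login_decision("carol", SAMPLE_SET_ON + ONE_DAY, SAMPLE_SET_ON),
                     s.days_remaining, s.reminders_due)
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:>8}: {result}")
```

The reminders_due tuple is what lets a scheduled mailer send "several" notices rather than one: it records every threshold the account has crossed, so the mailer only needs to diff it against the reminders already sent. On a Linux host the same two knobs are PASS_MAX_DAYS and PASS_WARN_AGE in /etc/login.defs, or `chage -M <maxdays> -W <warndays> <user>` per account; a PASS_MAX_DAYS of 99999 is the unchecked-aging setting this weakness describes.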
