CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.6)  

Presentation Filter:

CWE-263: Password Aging with Long Expiration

 
Password Aging with Long Expiration
Weakness ID: 263 (Weakness Base)Status: Draft
+ Description

Description Summary

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Extended Description

Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.

+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Access Control

Technical Impact: Gain privileges / assume identity

As passwords age, the probability that they are compromised grows.

+ Likelihood of Exploit

Very Low

+ Demonstrative Examples

Example 1

A common example is not having a system to terminate old employee accounts.

Example 2

Not having a system for enforcing the changing of passwords every certain period.

+ Potential Mitigations

Phase: Architecture and Design

Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory255Credentials Management
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class287Improper Authentication
Research Concepts (primary)1000
ChildOfWeakness BaseWeakness Base404Improper Resource Shutdown or Release
Research Concepts1000
ChildOfCategoryCategory898SFP Cluster: Authentication
Software Fault Pattern (SFP) Clusters (primary)888
MemberOfViewView884CWE Cross-section
CWE Cross-section (primary)884
PeerOfWeakness VariantWeakness Variant262Not Using Password Aging
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPAllowing password aging
+ References
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 19: Use of Weak Password-Based Systems." Page 279. McGraw-Hill. 2010.
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
CLASPExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2011-03-29CWE Content TeamMITREInternal
updated Description, Other_Notes, Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Allowing Unchecked Password Aging
Page Last Updated: February 18, 2014