CWE-262: Not Using Password Aging
Abstraction: Base
Status: Draft
Category: auth
Description
The product does not have a mechanism in place for managing password aging.
Common consequences (1)
- Access Control — Gain Privileges or Assume Identity. As passwords age, the probability that they are compromised grows.
Potential mitigations (2)
- [Architecture and Design] As part of a product's design, require users to change their passwords regularly and avoid reusing previous passwords.
- [Implementation] Developers might disable clipboard paste operations into password fields as a way to discourage users from pasting a password into a clipboard. However, this might encourage users to choose less-secure passwords that are easier to type, and it can reduce the usability of password managers [REF-1294].
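The first mitigation names two controls that a product must implement together: an age check on the current password and a reuse check against a bounded history of previous ones. The following is an added example (not code from CWE or any referenced project) showing one way to do both; the 90-day maximum age, the four-entry history depth and the PBKDF2 iteration count are assumed policy values, and `policy_walkthrough` runs a constructed scenario that rotates through six passwords and then attempts two reuses.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # assumed policy value: force rotation after 90 days
HISTORY_DEPTH = 4             # assumed policy value: remember 4 old passwords (5 blocked incl. current)

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-password salt; the iteration count is illustrative only
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

class PasswordRecord:
    """Current password hash, when it was set, and a bounded list of previous hashes."""
    def __init__(self, password: str, now: datetime):
        self.salt = secrets.token_bytes(16)
        self.digest = _hash(password, self.salt)
        self.changed_at = now
        self.history: list[tuple[bytes, bytes]] = []  # (salt, digest) of old passwords

    def is_expired(self, now: datetime) -> bool:
        return now - self.changed_at >= MAX_AGE  # aging check: True once MAX_AGE has elapsed

    def _is_reuse(self, candidate: str) -> bool:
        # Re-derive the candidate under each stored salt and compare in constant time
        entries = [(self.salt, self.digest)] + self.history
        return any(hmac.compare_digest(_hash(candidate, s), d) for s, d in entries)

    def change(self, new_password: str, now: datetime) -> bool:
        """Rotate the password; refuse the current one and the last HISTORY_DEPTH old ones."""
        if self._is_reuse(new_password):
            return False
        self.history = [(self.salt, self.digest)] + self.history[:HISTORY_DEPTH - 1]
        self.salt = secrets.token_bytes(16)
        self.digest = _hash(new_password, self.salt)
        self.changed_at = now
        return True

def policy_walkthrough() -> dict:
    """Constructed scenario: rotate through six passwords, then try to reuse two of them."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    rec = PasswordRecord("pw1", t0)
    results = {"expired_day89": rec.is_expired(t0 + timedelta(days=89)),
               "expired_day90": rec.is_expired(t0 + timedelta(days=90)),
               "same_as_current": rec.change("pw1", t0)}
    for i, pw in enumerate(["pw2", "pw3", "pw4", "pw5", "pw6"], start=1):
        rec.change(pw, t0 + timedelta(days=30 * i))
    results["reuse_pw1_after_five"] = rec.change("pw1", t0 + timedelta(days=180))  # aged out of history
    results["reuse_pw3"] = rec.change("pw3", t0 + timedelta(days=181))             # still remembered
    return results
```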
Related CAPEC attack patterns (12, incoming)
| Type | Target | CAPEC ID | Confidence | Tier |
|---|---|---|---|---|
| AttackPattern | Remote Services with Stolen Credentials | CAPEC-555 | 100% | live |
| AttackPattern | Dictionary-based Password Attack | CAPEC-16 | 100% | live |
| AttackPattern | Use of Known Operating System Credentials | CAPEC-653 | 100% | live |
| AttackPattern | Rainbow Table Password Cracking | CAPEC-55 | 100% | live |
| AttackPattern | Credential Stuffing | CAPEC-600 | 100% | live |
| AttackPattern | Windows Admin Shares with Stolen Credentials | CAPEC-561 | 100% | live |
| AttackPattern | Use of Known Domain Credentials | CAPEC-560 | 100% | live |
| AttackPattern | Password Spraying | CAPEC-565 | 100% | live |
| AttackPattern | Try Common or Default Usernames and Passwords | CAPEC-70 | 100% | live |
| AttackPattern | Kerberoasting | CAPEC-509 | 100% | live |
| AttackPattern | Password Brute Forcing | CAPEC-49 | 100% | live |
| AttackPattern | Use of Known Kerberos Credentials | CAPEC-652 | 100% | live |