Confirmation of the user’s identity, authentication, and session management are critical to protect against authentication-related attacks.

There may be authentication weaknesses if the application:

* Permits automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.
* Permits brute force or other automated attacks.
* Permits default, weak, or well-known passwords, such as “Password1” or “admin/admin”.
* Uses weak or ineffective credential recovery and forgot-password processes, such as “knowledge-based answers”, which cannot be made safe.
* Uses plain text, encrypted, or weakly hashed passwords (see A3:2017-Sensitive Data Exposure).
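
As an added example (not part of the original page), the sketch below shows one way an application can avoid three of the weaknesses listed above: it rejects default or well-known passwords, stores salted scrypt hashes rather than plain text, and locks an account after repeated failures. The `Authenticator` class, the deny list and the thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample deny list; a real deployment loads a large breached-password list.
COMMON_PASSWORDS = {"password1", "admin", "123456", "qwerty", "letmein"}
MAX_FAILURES = 5        # assumed number of failures before lockout
LOCKOUT_SECONDS = 300   # assumed lockout window


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, memory-hard KDF instead of plain text or a fast hash.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


class Authenticator:
    def __init__(self, clock=time.monotonic):
        self._users = {}     # username -> (salt, derived key)
        self._failures = {}  # username -> (failure count, time of last failure)
        self._clock = clock

    def register(self, username: str, password: str) -> bool:
        # Refuse default, weak, or well-known passwords, including user == password.
        if (len(password) < 8 or password.lower() in COMMON_PASSWORDS
                or password.lower() == username.lower()):
            return False
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))
        return True

    def login(self, username: str, password: str) -> str:
        count, last = self._failures.get(username, (0, 0.0))
        if count >= MAX_FAILURES and self._clock() - last < LOCKOUT_SECONDS:
            return "locked"  # throttles repeated guessing against one account
        # Unknown users still cost one KDF call, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(_derive(password, salt), stored)
        if ok and username in self._users:
            self._failures.pop(username, None)
            return "ok"
        if count >= MAX_FAILURES:
            count = 0        # previous lockout expired, start a new window
        self._failures[username] = (count + 1, self._clock())
        return "denied"
```

Per-username counters alone do not stop credential stuffing that is spread across many accounts; pair them with per-source rate limits and multi-factor authentication.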