CWE-309: Use of Password System for Primary Authentication
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity
Note: A password authentication mechanism error will almost always result in attackers being authorized as valid users.
Potential Mitigations
Phase: Architecture and Design
Description: Use a zero-knowledge password protocol, such as SRP.
Phase: Architecture and Design
Description: Ensure that passwords are stored safely and are not reversible.
Phase: Architecture and Design
Description: Implement password aging functionality that requires passwords to be changed after a certain point.
Phase: Architecture and Design
Description: Use a mechanism for determining the strength of a password and notify the user of weak password use.
Phase: Architecture and Design
Description: Inform the user of why password protections are in place, how they work to protect data integrity, and why it is important to heed their warnings.
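The two mitigations "stored safely and not reversible" and "determine the strength of a password" together, as an added illustration that is not part of the CWE entry: the password is kept only as a salt plus an iterated PBKDF2-HMAC-SHA256 digest, verification uses a constant-time comparison, and a small strength check rejects obviously weak choices. The iteration count, minimum length and the tiny deny-list are constructed values chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Illustrative parameters (assumptions, not values from the CWE entry).
ITERATIONS = 600_000
MIN_LENGTH = 12
# Constructed, deliberately tiny deny-list; real deployments use a breached-password corpus.
COMMON_PASSWORDS = {"password", "password123", "letmein", "qwerty"}


def check_strength(password: str) -> List[str]:
    """Return the reasons a password is weak; an empty list means it is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() == password or password.upper() == password:
        problems.append("no mix of upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store only salt + digest; the original password cannot be recovered from the result."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```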
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Using password systems | - |
| OWASP Top Ten 2004 | A3 | Broken Authentication and Session Management | CWE More Specific |
Key Information
CWE ID: CWE-309
Abstraction: Base
Structure: Simple
Status: Draft
Likelihood of Exploit: High