logo

Database

Weak credential policy

Description

The systems credential policy is not compliant with security regulations.

Impact

Increase the chances of getting valid credentials using brute force or dictionary attacks.

Recommendation

Establish a policy for creation of credentials that uses phrases, not word based passwords.

Threat

Anonymous user from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

130 - Limit password lifespan132 - Passphrases with at least 4 words133 - Passwords with at least 20 characters139 - Set minimum OTP length332 - Prevent the use of breached passwords

Fixes

GoJava

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

N

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

L

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N