logo

Database

Weak credential policy - Temporary passwords

Description

Temporary passwords do not have strong enough security policies.

Impact

Compromise temporary passwords to gain unauthorized access to the application

Recommendation

Set secure temporary passwords by following the recommended best practices.

Threat

Anonymous attacker from the Internet

Expected Remediation Time

⏱️ 30 minutes.

Requirements

130 - Limit password lifespan132 - Passphrases with at least 4 words133 - Passwords with at least 20 characters139 - Set minimum OTP length332 - Prevent the use of breached passwords

Fixes

AwsCsharpElixirGoJavaPythonRubyScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

N

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

P

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P