Weak credential policy - Temporary passwords | Fluid Attacks Database

Database

Description

Temporary passwords do not have strong enough security policies.

Impact

Compromise temporary passwords to gain unauthorized access to the application

Recommendation

Set secure temporary passwords by following the recommended best practices.

Threat

Anonymous attacker from the Internet

Expected Remediation Time

⏱️ 30 minutes.

Requirements

130 - Limit password lifespan 132 - Passphrases with at least 4 words 133 - Passwords with at least 20 characters 136 - Force temporary password change 137 - Change temporary passwords of third parties 139 - Set minimum OTP length 332 - Prevent the use of breached passwords

Fixes

Aws Csharp Go Java Python Ruby Scala Typescript