Weak Password

NIST has defined a number of criteria for making strong password. These criteria become more complex over the time and password components should keep up with them.

Remediation

At the time of writing, it is required for password to be

at least 16 characters in length so it is difficult to brute force
not to contain a guessable word
not to contain a dictionary word
not to be part of a data breach

Metadata

Severity: low
Slug: weak-password

CWEs

309: Use of Password System for Primary Authentication
521: Weak Password Requirements

OWASP

A02:2021: Cryptographic Failures
A07:2021: Identification and Authentication Failures

Available Labs

Open Python labs in SecDim Play for this vulnerability.

medium

Bad password.py

Python Medium Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.