Category: SFP Secondary Cluster: Insecure Authentication Policy

Incomplete

Summary

This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.

Membership

ID	Name	Description
CWE-262	Not Using Password Aging	This vulnerability occurs when a system lacks password expiration policies, allowing users to keep the same password indefinitely.
CWE-263	Password Aging with Long Expiration	The system enforces password changes, but the time allowed between changes is excessively long, weakening security.
CWE-521	Weak Password Requirements	This vulnerability occurs when an application fails to enforce strong password policies, making user accounts easier to compromise through guessing or automated attacks.
CWE-556	ASP.NET Misconfiguration: Use of Identity Impersonation	This vulnerability occurs when an ASP.NET application is configured to run using impersonated credentials, which can grant the application excessive and unnecessary system privileges.
CWE-613	Insufficient Session Expiration	Insufficient session expiration occurs when an application allows old session tokens or IDs to remain valid for too long, letting attackers reuse them to gain unauthorized access.
CWE-645	Overly Restrictive Account Lockout Mechanism	This vulnerability occurs when an application's account lockout feature is too strict, allowing attackers to easily trigger it and lock legitimate users out of their accounts, causing a denial of service.
CWE-888	Software Fault Pattern (SFP) Clusters	CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Vulnerability Mapping Notes

Usage: Prohibited

Reasons: Category

Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comment:

See member weaknesses of this category.