🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Weak Password

NIST has defined a number of criteria for making strong password. These criteria become more complex over the time and password components should keep up with them.

Remediation

At the time of writing, it is required for password to be

  • at least 16 characters in length so it is difficult to brute force
  • not to contain a guessable word
  • not to contain a dictionary word
  • not to be part of a data breach

Metadata

  • Severity: low
  • Slug: weak-password

CWEs

  • 309: Use of Password System for Primary Authentication
  • 521: Weak Password Requirements

OWASP

  • A02:2021: Cryptographic Failures
  • A07:2021: Identification and Authentication Failures

Available Labs

Open Ruby labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.