CWE-263

有効期限が長いパスワードのエージング

Password Aging with Long Expiration

脆弱性レビュー中

日本語説明

この製品はパスワードのエージングに対応しているが、有効期限が長すぎる。

パスワードのエージング（またはパスワードのローテーション）とは、30日ごとや90日ごとなど、決められた期間が経過した後、ユーザーにパスワードの変更を強制するポリシーのことである。有効期限が長いと、ユーザが新しいパスワードへの変更を強制される前に、攻撃者がパスワード・クラッキングを行う時間が長くなります。

パスワードのエージングは、かつては重要なセキュリティ機能だと考えられていましたが、スローハッシュのような他の仕組みと比べると、現代の脅威に対してそれほど効果的でないため、多くの人に支持されなくなりました。加えて、頻繁な変更を強制することは、ユーザがより安全でないパスワードを選択することを無意識に促す可能性がある。しかし、Payment Card Industry Data Security Standard（PCI DSS）などのコンプライアンス要件などの要因により、パスワードのエージングは依然として使用されている。

原文 (English)

The product supports password aging, but the expiration period is too long.

Password aging (or password rotation) is a policy that forces users to change their passwords after a defined time period passes, such as every 30 or 90 days. A long expiration provides more time for attackers to conduct password cracking before users are forced to change to a new password.

Note that while password aging was once considered an important security feature, it has since fallen out of favor by many, because it is not as effective against modern threats compared to other mechanisms such as slow hashes. In addition, forcing frequent changes can unintentionally encourage users to select less-secure passwords. However, password aging is still in use due to factors such as compliance requirements, e.g., Payment Card Industry Data Security Standard (PCI DSS).

関連する脆弱性

想定される影響

Scope: Access Control / Impact: Gain Privileges or Assume Identity

対策・緩和策

Previously, "password expiration" was
widely advocated as a defense-in-depth approach to
minimize the risk of weak passwords, and it has become
a common practice. Password expiration requires a
password to be changed within a fixed time window (such
as every 90 days). However, this approach has
significant limitations in the current threat
landscape, and its utility has been reduced in light of
the adoption of related protection mechanisms (such as
password complexity and computational effort), along
with the recognition that regular password changes
often caused users to generate more predictable
passwords. As a result, this is now a Discouraged
Common Practice [REF-1488] [REF-1489], especially as
the sole factor in protecting passwords. It is still
strongly encouraged to force password changes in case
of evidence of compromise, but this is not the same as
a forced "expiration" on an arbitrary time
frame.

Ensure that password aging is limited so that there is a defined maximum age for passwords. Note that if the expiration window is too short, it can cause users to generate poor or predictable passwords.

Ensure that the user is notified several times leading up to the password expiration.

Create mechanisms to prevent users from reusing passwords or creating similar passwords.

Developers might disable clipboard paste operations into password fields as a way to discourage users from pasting a password into a clipboard. However, this might encourage users to choose less-secure passwords that are easier to type, and it can reduce the usability of password managers [REF-1294].

外部リンク

MITRE公式ページ — CWE-263