CWE-309

Use of Password System for Primary Authentication
Weakness status: Under review

The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

Scope: Access Control / Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity
In order to protect password systems from compromise, the following should be noted:
Use a zero-knowledge password protocol, such as SRP.
Ensure that passwords are stored safely and are not reversible.
Implement password aging functionality that requires passwords be changed after a certain point.
Use a mechanism for determining the strength of a password and notify the user of weak password use.
Inform the user of why password protections are in place, how they work to protect data integrity, and why it is important to heed their warnings.
Official MITRE page: CWE-309