CWE-1391

Use of Weak Credentials

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

Mitigation

Phases: Architecture and Design, Operation

Description:

  • When the user changes or sets a password, check the password against a database of already compromised or breached passwords. These passwords are likely to be used in password guessing attacks.
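One way to apply this mitigation at password-set time, shown as an added example that is not part of the CWE entry. The corpus `SAMPLE_BREACHED` is constructed, and the names `build_index`, `is_breached` and `set_password` are hypothetical; a deployment would load a real breached-password data set instead.

```python
import hashlib
import os
import unicodedata

# Constructed sample corpus standing in for a real breached-password data set.
SAMPLE_BREACHED = ["123456", "password", "qwerty", "admin", "letmein", "Passw0rd!"]
PREFIX_LEN = 5  # number of hex characters used as the bucket key


def _normalise(password: str) -> bytes:
    """NFKC-normalise so visually equivalent Unicode forms compare equal."""
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def _digest(password: str) -> str:
    """SHA-1 is used only as a lookup key into the corpus, never for storage."""
    return hashlib.sha1(_normalise(password)).hexdigest().upper()


def build_index(passwords):
    """Bucket digests by prefix so the lookup store holds no plaintext."""
    index = {}
    for pw in passwords:
        d = _digest(pw)
        index.setdefault(d[:PREFIX_LEN], set()).add(d[PREFIX_LEN:])
    return index


def is_breached(candidate: str, index) -> bool:
    """True if the candidate's digest appears in the breached corpus."""
    d = _digest(candidate)
    return d[PREFIX_LEN:] in index.get(d[:PREFIX_LEN], set())


def set_password(credentials: dict, user: str, new_password: str, index) -> bool:
    """Refuse breached passwords; otherwise store a salted PBKDF2 hash."""
    if is_breached(new_password, index):
        return False  # caller should ask the user to choose another password
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", _normalise(new_password), salt, 600_000)
    credentials[user] = (salt, key)
    return True


BREACH_INDEX = build_index(SAMPLE_BREACHED)
```

The same check belongs on first-time provisioning, so that a product's default or shipped credential is rejected the moment it is set rather than only when a user later changes it.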

No CAPEC attack patterns related to this CWE.
