https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Brad+Smalley 2026-04-22T15:36:56Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Empty_String_Password&diff=135349 2012-09-05T14:31:20Z

<p>Brad Smalley: corrected grammar</p> <hr /> <div>{{Template:Vulnerability}}<br /> {{Template:Fortify}}<br /> <br /> Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''<br /> <br /> [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]<br /> <br /> ==Description==<br /> <br /> Using an empty string as a password is insecure.<br /> <br /> It is never appropriate to use an empty string as a password. It is too easy to guess. An empty string password makes the authentication as weak as the user names, which are normally public or guessable. This makes a brute-force attack against the login interface much easier.<br /> <br /> ==Risk Factors==<br /> <br /> TBD<br /> <br /> ==Examples==<br /> <br /> TBD<br /> <br /> ==Related [[Attacks]]==<br /> <br /> * [[Brute force attack]] against application log in interface. <br /> <br /> <br /> ==Related [[Vulnerabilities]]==<br /> <br /> * [[Weak Passwords]]<br /> <br /> <br /> ==Related [[Controls]]==<br /> <br /> * [[:Category:Authentication]]<br /> * [[Strong Password Policy]]<br /> <br /> <br /> ==Related [[Technical Impacts]]==<br /> <br /> * [[Technical Impact 1]]<br /> * [[Technical Impact 2]]<br /> <br /> <br /> ==References==<br /> TBD <br /> <br /> <br /> <br /> __NOTOC__<br /> <br /> <br /> [[Category:OWASP ASDR Project]]<br /> [[Category:Password Management Vulnerability]] <br /> [[Category:Authentication Vulnerability]]<br /> [[Category:Environmental Vulnerability]]<br /> [[Category:Deployment]]<br /> [[Category:Vulnerability]]</div>

Brad Smalley