Cornucopia - Ecommerce Website - AT 6
Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry.
Temporary passwords must expire within a suitably short time period. Enforce the changing of temporary passwords on the next use - no user should be utilising a temporary password on a regular or ongoing basis.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|