This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Empty String Password"
From OWASP
Weilin Zhong (talk | contribs) (→Description) |
Weilin Zhong (talk | contribs) |
||
| Line 22: | Line 22: | ||
==Categories== | ==Categories== | ||
| − | [[Category:Password Management | + | [[Category:Password Management Vulnerability]] |
| + | |||
| + | [[Category:Authentication Vulnerability]] | ||
{{Template:Stub}} | {{Template:Stub}} | ||
Revision as of 20:15, 12 June 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Description
Empty string password makes the authentication as weak as the user names, which are normally public or guessable. This make a brute-force attack against the login interface much easier.
Examples
Related Threats
Attackers try to obtain a log in account of the application.
Related Attacks
- Brute-force Attack against application log in interface.
Related Vulnerabilities
Related Countermeasures
Category:Authentication Strong Password Policy
Categories
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
