This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Password Management: Empty Password in Configuration File"

From OWASP
Jump to: navigation, search
(Added contents from Fortify.)
 
Line 2: Line 2:
 
{{Template:Fortify}}
 
{{Template:Fortify}}
  
==Abstract==
+
#Redirect [[Empty String Password]]
 
 
Using an empty string as a password is insecure.
 
 
 
==Description==
 
 
 
It is never appropriate to use an empty string as a password. It is too easy to guess and make the application vulnerable to brute-force password guessing attack.
 
 
 
==Examples ==
 
 
 
==Related Threats==
 
 
 
==Related Attacks==
 
 
 
==Related Vulnerabilities==
 
 
 
==Related Countermeasures==
 
 
 
==Categories==
 
 
 
[[Category:Environmental Vulnerability]]
 
[[Category:Deployment]]
 
[[Category:Password Management Vulnerability]]
 
[[Category:Authentication Vulnerability]]
 

Revision as of 18:33, 21 July 2006

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by MicroFocus Logo.png
  1. Redirect Empty String Password
Retrieved from "https://wiki.owasp.org/index.php?title=Password_Management:_Empty_Password_in_Configuration_File&oldid=7775"