This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - AT 6"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#73abcc;">Cornucopia - Ecommerce Website - AT 6</span>}} File:Cornucopia_-_Ecommerce_Website_AT_6....") |
|||
Line 57: | Line 57: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
Latest revision as of 16:18, 21 January 2016
Suit: Authentication
Card/Value: 6
Description:
Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry.
Technical Note:
Temporary passwords must expire within a suitably short time period. Enforce the changing of temporary passwords on the next use - no user should be utilising a temporary password on a regular or ongoing basis.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
37 | 2.22 | 50 | 28 | |
45 | ||||
46 | ||||
178 |