This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - AT 6

From OWASP
Revision as of 16:18, 21 January 2016 by Dariodf (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website AT 6.png

Suit: Authentication

Card/Value: 6

Description:

Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry.

Technical Note:

Temporary passwords must expire within a suitably short time period. Enforce the changing of temporary passwords on the next use - no user should be utilising a temporary password on a regular or ongoing basis.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
37 2.22 50 28
45
46
178



« Previous Card | Authentication | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_AT_6&oldid=207174"