Access control enforced by presentation layer Overview Enforcing access control in the presentation layer means that the developer does not show...

Allowing password aging Overview Allowing password aging to occur unchecked can result in the possibility of diminished password integrity. ...

Authentication bypass by alternate name Resource has multiple names and not all names are enforcing authentication when being accessed. ...

Comprehensive list of Threats to Authentication Procedures and Data Background There is a bewildering array of tricks, techniques, and...

Empty String Password Abstract Using an empty string as a password is insecure. Description It is never appropriate to use an empty string...

Not allowing password aging Overview If no mechanism is in place for managing password aging, users will have no incentive to update passwords in...

Reflection attack in an auth protocol Overview Simple authentication protocols are subject to reflection attacks if a malicious user can use the...

Using password systems Overview The use of password systems as the primary means of authentication may be subject to several flaws or...

Using single-factor authentication Overview The use of single-factor authentication can lead to unnecessary risk of compromise when compared with...

Hardcoded Password Abstract Hardcoded passwords may compromise system security in a way that cannot be easily remedied. Description It is...