Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry, or it does not use an out-of-band delivery method (e.g. post, mobile app, SMS)
OWASP SCP: 37,45,46,178
OWASP ASVS: 2.5.6
OWASP AppSensor:
CAPEC: -
SAFECODE: 28
Temporary passwords must expire within a suitably short time period. Enforce the changing of temporary passwords on the next use - no user should be utilising a temporary password on a regular or ongoing basis.
OWASP ASVS (4.0): 2.5.6
CAPEC: 50
OWASP SCP: 37,45,46,178
OWASP AppSensor:
SAFECODE: 28
ASVS V2.5 - Credential Recovery Requirements
No suitable mappings were found.
Password Guessing/Brute Force Attacks