Weak Password Requirements (CWE-521) - Security Vulnerability

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Without strong password requirements, users often choose weak, easily guessable passwords. This makes brute-force and dictionary attacks more likely to succeed.

Prévalence

Élevée

Fréquemment exploitée

Impact

Élevé

1 règles de sévérité élevée

Prévention

Documentée

2 exemples de correctifs

2 Prévention

Comment corriger cette vulnérabilité

Stratégies de prévention pour Weak Password Requirements basées sur 2 règles de détection Shoulder.

🐹 Go Tout voir Go détails →

Weak Password Policy MEDIUM

Enforce minimum 12-character passwords with complexity requirements

+14 -2 go

  func validatePassword(password string) error {
-     if len(password) < 6 {
-         return errors.New("too short")
+     if len(password) < 12 {
+         return errors.New("password must be at least 12 characters")
+     }
+     var hasUpper, hasLower, hasDigit, hasSpecial bool
+     for _, c := range password {
+         switch {
+         case unicode.IsUpper(c):  hasUpper = true
+         case unicode.IsLower(c):  hasLower = true
+         case unicode.IsDigit(c):  hasDigit = true
+         case unicode.IsPunct(c) || unicode.IsSymbol(c): hasSpecial = true
+         }
+     }
+     if !hasUpper || !hasLower || !hasDigit || !hasSpecial {
+         return errors.New("password must include upper, lower, digit, and special char")
      }
      return nil
  }

🟨 JavaScript Tout voir JavaScript détails →

Weak Password Policy HIGH

Require minimum 12 characters with complexity checks or use a password strength library

+4 -2 javascript

- if (password.length < 6) {
-   throw new Error('Password too short');
+ const zxcvbn = require('zxcvbn');
+ 
+ if (password.length < 12 || zxcvbn(password).score < 3) {
+   throw new Error('Password too weak');
  }

3 Détection

Trouvez les vulnérabilités dans votre code

Utilisez Shoulder pour scanner votre code à la recherche de patterns Weak Password Requirements. 2 règles.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=521

# Or scan entire project
npx @shoulderdev/cli trust .

Règles de Détection (2)

🐹 Go 1 rules

Weak Password Policy MEDIUM

Password validation requires fewer than 8 characters.

🟨 Javascript 1 rules

Weak Password Policy HIGH

Detects password validation that lacks proper complexity requirements, making accounts vulnerable to brute force attacks.

🔷 Typescript 1 rules

Weak Password Policy HIGH

Detects password validation that lacks proper complexity requirements, making accounts vulnerable to brute force attacks.

4 Signes d'Alerte

Ce qu'il faut surveiller lors des revues de code

Ces patterns indiquent des vulnérabilités potentielles Weak Password Requirements. Recherchez-les lors des revues de code et des audits de sécurité.

🟠

Password validation at ... lacks proper complexity requirements javascript-weak-password-policy

🟠

password validation that lacks proper complexity requirements, making accounts vulnerable to brute f javascript-weak-password-policy

🔍

Scannez votre base de code pour Weak Password Requirements

Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.

npx shoulder trust Parcourir toutes les règles