# Weak Password Requirements (CWE-521)

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

**Stack:** Go

- Prevalence: High, frequently exploited
- Impact: High, 1 high-severity rule
- Prevention: Documented, 2 fix examples

**OWASP:** Identification and Authentication Failures (A07:2021-Identification and Authentication Failures) - #7

## Description

Without strong password requirements, users often choose weak, easily guessable passwords. This makes brute-force and dictionary attacks more likely to succeed.

## Prevention

Prevention strategies for Weak Password Requirements, based on 1 Shoulder detection rule.

### Go

Enforce minimum 12-character passwords with complexity requirements.

## Consequences

- Gain privileges
- Bypass protection mechanism

## Mitigations

- Enforce a minimum password length (12 or more characters recommended)
- Check passwords against known breach databases
- Implement multi-factor authentication

## Detection

- Total rules: 2
- Languages: go, javascript, typescript

## Rules by Language

### Go (1 rule)

- **Weak Password Policy** [MEDIUM]: Password validation requires fewer than 8 characters.
  - Remediation: Enforce minimum password length of 12+ characters with complexity requirements.

```go
package main

import "errors"

// validatePassword enforces the 12-character minimum recommended above.
// Note that len() counts bytes, not characters; see the complexity checks
// below for the remaining policy requirements.
func validatePassword(password string) error {
	if len(password) < 12 {
		return errors.New("password must be at least 12 characters")
	}
	// Add complexity checks: uppercase, lowercase, digit, special char
	return nil
}
```

Learn more: https://shoulder.dev/learn/go/cwe-521/weak-password-policy
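The rule's remediation snippet stops at the length check. The following is an added example, not code from the page or from Shoulder, that carries the policy the Mitigations section describes through to working code: a 12-character minimum measured in runes rather than bytes, the four character-class complexity checks, and a lookup against a breach corpus. The `breachedPasswords` map is a constructed, in-memory stand-in for a real breach database (assumed to be replaced by a query against such a corpus in production), and the sentinel error names are this example's own choice.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// MinPasswordLength follows the page's recommendation of 12 or more characters.
const MinPasswordLength = 12

// breachedPasswords is a constructed stand-in for a breach-corpus lookup
// (a real deployment would query a breach database instead). Entries are
// illustrative and stored lowercase so the comparison is case-insensitive.
var breachedPasswords = map[string]struct{}{
	"password1234!":  {},
	"welcome2024!!":  {},
	"letmein123456$": {},
}

// Sentinel errors let callers distinguish failure reasons without parsing text.
var (
	ErrTooShort  = errors.New("password must be at least 12 characters")
	ErrNoUpper   = errors.New("password must contain an uppercase letter")
	ErrNoLower   = errors.New("password must contain a lowercase letter")
	ErrNoDigit   = errors.New("password must contain a digit")
	ErrNoSpecial = errors.New("password must contain a punctuation or symbol character")
	ErrBreached  = errors.New("password appears in a known breach corpus")
)

// ValidatePassword enforces minimum length, character-class complexity and
// a breach-corpus check. Length is measured in runes, not bytes: len() would
// over-count multi-byte characters and let a short non-ASCII password pass.
func ValidatePassword(password string) error {
	if utf8.RuneCountInString(password) < MinPasswordLength {
		return ErrTooShort
	}
	var hasUpper, hasLower, hasDigit, hasSpecial bool
	for _, r := range password {
		switch {
		case unicode.IsUpper(r):
			hasUpper = true
		case unicode.IsLower(r):
			hasLower = true
		case unicode.IsDigit(r):
			hasDigit = true
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			hasSpecial = true
		}
	}
	switch {
	case !hasUpper:
		return ErrNoUpper
	case !hasLower:
		return ErrNoLower
	case !hasDigit:
		return ErrNoDigit
	case !hasSpecial:
		return ErrNoSpecial
	}
	if _, found := breachedPasswords[strings.ToLower(password)]; found {
		return ErrBreached
	}
	return nil
}

func main() {
	// Constructed sample inputs covering each rejection path and one acceptance.
	samples := []string{"short1A!", "alllowercase123!", "Welcome2024!!", "Tr0ub4dor&3-horse-staple"}
	for _, p := range samples {
		if err := ValidatePassword(p); err != nil {
			fmt.Printf("%q rejected: %v\n", p, err)
		} else {
			fmt.Printf("%q accepted\n", p)
		}
	}
}
```

The checks are ordered so the cheapest failure is reported first; the breach lookup runs last because in a real deployment it is the only step that leaves the process. Returning sentinel errors rather than formatted strings keeps the user-facing message a presentation decision and makes the policy testable.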