Weak Password Requirements (CWE-521) - Security Vulnerability

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Without strong password requirements, users often choose weak, easily guessable passwords. This makes brute-force and dictionary attacks more likely to succeed.

Prevalência

Alta

Frequentemente explorada

Impacto

Alto

1 regras de severidade alta

Prevenção

Documentada

2 exemplos de correção

2 Prevenção

Como corrigir esta vulnerabilidade

Estratégias de prevenção para Weak Password Requirements baseadas em 2 regras de detecção do Shoulder.

🐹 Go Ver tudo Go detalhes →

Weak Password Policy MEDIUM

Enforce minimum 12-character passwords with complexity requirements

+14 -2 go

  func validatePassword(password string) error {
-     if len(password) < 6 {
-         return errors.New("too short")
+     if len(password) < 12 {
+         return errors.New("password must be at least 12 characters")
+     }
+     var hasUpper, hasLower, hasDigit, hasSpecial bool
+     for _, c := range password {
+         switch {
+         case unicode.IsUpper(c):  hasUpper = true
+         case unicode.IsLower(c):  hasLower = true
+         case unicode.IsDigit(c):  hasDigit = true
+         case unicode.IsPunct(c) || unicode.IsSymbol(c): hasSpecial = true
+         }
+     }
+     if !hasUpper || !hasLower || !hasDigit || !hasSpecial {
+         return errors.New("password must include upper, lower, digit, and special char")
      }
      return nil
  }

🟨 JavaScript Ver tudo JavaScript detalhes →

Weak Password Policy HIGH

Require minimum 12 characters with complexity checks or use a password strength library

+4 -2 javascript

- if (password.length < 6) {
-   throw new Error('Password too short');
+ const zxcvbn = require('zxcvbn');
+ 
+ if (password.length < 12 || zxcvbn(password).score < 3) {
+   throw new Error('Password too weak');
  }

3 Detecção

Encontre vulnerabilidades no seu código

Use o Shoulder para escanear seu código em busca de padrões Weak Password Requirements. 2 regras.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=521

# Or scan entire project
npx @shoulderdev/cli trust .

Regras de Detecção (2)

🐹 Go 1 rules

Weak Password Policy MEDIUM

Password validation requires fewer than 8 characters.

🟨 Javascript 1 rules

Weak Password Policy HIGH

Detects password validation that lacks proper complexity requirements, making accounts vulnerable to brute force attacks.

🔷 Typescript 1 rules

Weak Password Policy HIGH

Detects password validation that lacks proper complexity requirements, making accounts vulnerable to brute force attacks.

4 Sinais de Alerta

O que observar nas revisões de código

Estes padrões indicam vulnerabilidades potenciais de Weak Password Requirements. Procure-os durante revisões de código e auditorias de segurança.

🟠

Password validation at ... lacks proper complexity requirements javascript-weak-password-policy

🟠

password validation that lacks proper complexity requirements, making accounts vulnerable to brute f javascript-weak-password-policy

🔍

Escaneie seu código para Weak Password Requirements

O Shoulder CLI encontra padrões vulneráveis em todo o seu código.

npx shoulder trust Ver todas as regras