CWE-258
Empty Password in Configuration File
AI Translation Available
Using an empty string as a password is insecure.
Status
incomplete
Abstraction
variant
Likelihood
high
Affected Platforms
Technical Details
AI Translation
Common Consequences
access control
Impacts
gain privileges or assume identity
Potential Mitigations
Phases:
system configuration
Descriptions:
•
Passwords should be at least eight characters long -- the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. However, do not use "similar-looking" punctuation. For example, it is not a good idea to change cat to c@t, ca+, (@+, or anything similar. Finally, it is never appropriate to use an empty string as a password.