Support
Eng
òÕÓ
Company
Home
Services
Solutions
Documentation
News and Events
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Web Application Security / Vulnerability / Password Management Vulnerability / Empty String Password
server monitoring

Empty String Password
Article ID: 201
Last updated: 09 May, 2008
Print
Email to friend
Views: 358
Posted: 09 May, 2008
by: Tech Pubs S.
Updated: 09 May, 2008
by: Tech Pubs S.

Abstract

Using an empty string as a password is insecure.

Description

It is never appropriate to use an empty string as a password. It is too easy to guess. Empty string password makes the authentication as weak as the user names, which are normally public or guessable. This make a brute-force attack against the login interface much easier.
This article was:   Helpful | Not Helpful
Prev   Next
Allowing password aging     Not allowing password aging

server monitoring

¿ 2010 "SHALB.com" All rights reserved
SHALB Home
Services
Solutions
Documentation
News and Events