CWE-521β€”Weak Password Requirements

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11
CWE-521 - Weak Password Requirements - Diagram

Metadata

CWE ID:
CWE-521
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Weak Password Requirements

Description

The product does not require that users should have strong passwords.

Common Consequences

Scope:
Access Control
Impact:
Gain Privileges or Assume Identity
Notes:
An attacker could easily guess user passwords and gain access user accounts.

Related Weaknesses