forked from juice-shop/juice-shop
weakPasswordChallenge.info.yml
fixes:
  - id: 1
    explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least eight characters to prevent 'online attacks'. Furthermore, NIST-800-63B requires that passwords don't appear in common dictionaries.
      If you want to have more fun with secrets, check out OWASP Wrong Secrets at https://wrongsecrets.fly.dev/, especially challenges 16 and 23."
  - id: 2
    explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least eight characters to prevent 'online attacks'. Usage of special character tests is not appropriate (anymore) because users tend to find known workarounds like notes with passwords or adding an exclamation mark at the end to add a special character."
  - id: 3
    explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least eight characters to prevent 'online attacks'. Usage of special character tests is not appropriate (anymore) because users tend to find known workarounds like notes with passwords or adding an exclamation mark at the end to add a special character."
  - id: 4
    explanation: "According to NIST-800-63B, passwords (Memorized Secrets) should be at least 8 characters to prevent 'online attacks'."
hints:
  - "NIST Special Publication 800-63B has changed the recommendation for passwords (Memorized Secrets) requirements in 2017."
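
The contrast these explanations draw, as an added example that is not part of the Juice Shop code: a special-character (composition) test beside a check that uses only minimum length and a dictionary lookup. The blocklist entries, the function names, the sample passwords and the case-insensitive, NFKC-normalized comparison are assumptions made for illustration.

```javascript
// Constructed sample blocklist (assumption). A real deployment would load a
// large list of common, dictionary and breached passwords.
const BLOCKLIST = new Set(
  ['password', 'passw0rd!', '12345678', 'qwertyuiop'].map(canonical)
);
const MIN_LENGTH = 8; // minimum length named in the explanations

// NFKC folds compatibility forms (e.g. fullwidth letters) to one spelling.
// Lowercasing before the lookup is a design choice of this example.
function canonical(pw) {
  return pw.normalize('NFKC').toLowerCase();
}

// The approach the explanations reject: demand one character from each class.
function passesCompositionRule(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].every((re) => re.test(pw));
}

// Length counted in code points plus a blocklist lookup; no class demands.
function checkPassword(pw) {
  const length = Array.from(pw.normalize('NFKC')).length;
  if (length < MIN_LENGTH) return { ok: false, reason: 'too-short' };
  if (BLOCKLIST.has(canonical(pw))) return { ok: false, reason: 'blocklisted' };
  return { ok: true, reason: null };
}

// Constructed candidates covering the cases the explanations mention.
const SAMPLES = [
  'Passw0rd!', // "!" appended to satisfy a special-character test
  'Ab1!', // all four classes, far too short
  'correct horse battery staple', // long passphrase, lowercase only
  '\uff50\uff41\uff53\uff53\uff57\uff4f\uff52\uff44', // "password" in fullwidth letters
  '\u{1F600}'.repeat(7), // 7 code points, but 14 UTF-16 units
];

// Evaluate every sample under both policies so the verdicts sit side by side.
function compare(samples) {
  return samples.map((pw) => ({
    pw,
    composition: passesCompositionRule(pw),
    ...checkPassword(pw),
  }));
}

console.table(compare(SAMPLES));
```

The composition rule accepts `Passw0rd!` and `Ab1!` and rejects the passphrase; the length-plus-blocklist check reaches the opposite verdict on all three.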