CWE-263 – Password Aging with Long Expiration | Common Weakness Enumeration (CWE)

Overview

CWE-263 (Password Aging with Long Expiration) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product supports password aging, but the expiration period is too long.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2023-1976	2023-04-11	Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.

Previous names

Allowing Unchecked Password Aging (2008-04-11)

Content submission

Name: CLASP
Date: 2006-07-19
Version: Draft 3

Content modifications

Date	Name	Version	Importance	Comment
2008-09-08	CWE Content Team	1.0	—	updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2011-03-29	CWE Content Team	1.12	—	updated Description, Other_Notes, Relationships
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2011-06-27	CWE Content Team	2.0	—	updated Common_Consequences
2012-05-11	CWE Content Team	2.2	—	updated References, Relationships
2014-07-30	CWE Content Team	2.8	—	updated Relationships
2017-11-08	CWE Content Team	3.0	—	updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships
2020-02-24	CWE Content Team	4.0	—	updated Demonstrative_Examples, References
2020-08-20	CWE Content Team	4.2	—	updated Related_Attack_Patterns
2022-10-13	CWE Content Team	4.9	—	updated Description, Potential_Mitigations, References, Relationships
2023-04-27	CWE Content Team	4.11	—	updated References, Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-09-09	CWE Content Team	4.18	—	updated Maintenance_Notes, Mapping_Notes, Potential_Mitigations, References
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities

Contributions

Type	Name	Date	Comment
Feedback	Kurt Seifried, Chris Eng, G. Ann Campbell, Larry Shields, Jeffrey Walton, Jason Dryhurst-Smith, and other members of the CWE Community	2021-12-03	Gave feedback on how to update CWE-262 and CWE-263 due to changing password management practices
Feedback	Camille Gouttebroze	2025-03-17	suggested removal of password expiration as an acceptable mitigation in CWE-521 and provided references