CWE-263 1 個 CVE MITRE 定義 ↗

CWE-263:Password Aging with Long Expiration

概覽

CWE-263(Password Aging with Long Expiration)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product supports password aging, but the expiration period is too long.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2023-1976 2023-04-11 Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.

曾用名

  • Allowing Unchecked Password Aging (2008-04-11)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2011-03-29 CWE Content Team 1.12 updated Description, Other_Notes, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships
2020-02-24 CWE Content Team 4.0 updated Demonstrative_Examples, References
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns
2022-10-13 CWE Content Team 4.9 updated Description, Potential_Mitigations, References, Relationships
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Maintenance_Notes, Mapping_Notes, Potential_Mitigations, References
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities

貢獻

類型 名稱 日期 評論
Feedback Kurt Seifried, Chris Eng, G. Ann Campbell, Larry Shields, Jeffrey Walton, Jason Dryhurst-Smith, and other members of the CWE Community 2021-12-03 Gave feedback on how to update CWE-262 and CWE-263 due to changing password management practices
Feedback Camille Gouttebroze 2025-03-17 suggested removal of password expiration as an acceptable mitigation in CWE-521 and provided references
cvelogic Threat Intelligence