Weak Password Policy


The application implements a weak password policy. Without a sufficient minimum length and character complexity, the space of candidate passwords is small enough that brute-force and dictionary attacks become practical. The password policy should enforce a minimum length together with mixed character requirements, and reject passwords that appear on lists of commonly used or previously breached passwords.


A weak password policy raises the likelihood that brute-force and dictionary attacks against user accounts succeed, and the exposure is larger when the login endpoint also lacks rate limiting or account lockout, since online guessing is then unconstrained. An attacker who recovers a user's password can take over that account and potentially access sensitive data in the application.
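The following Python example is added here to make the two paragraphs above concrete; it is not code from the original page or from any product the page describes. It places a policy of the kind this finding reports (a short minimum length and nothing else) beside a hardened policy that enforces length, character classes, a blocklist, a username check, and a repeated-character check, and it computes the brute-force keyspace in bits so the effect of minimum length is visible. The thresholds (12 characters, 3 of 4 classes) and the blocklist contents are assumptions chosen for the example; a real blocklist is a large breached-password list, and current guidance (NIST SP 800-63B) weights length and blocklisting more heavily than composition rules.

```python
from __future__ import annotations

import math
import re
import string

# Constructed sample blocklist for the example; a real deployment checks a large
# list of commonly used and previously breached passwords.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty", "letmein",
    "welcome1", "iloveyou", "admin123",
}


def weak_policy(password: str) -> list[str]:
    """The kind of policy this finding describes: a short minimum length
    and nothing else. Returns the reasons the password is rejected (empty
    list means accepted)."""
    return ["shorter than 6 characters"] if len(password) < 6 else []


def strong_policy(password: str, username: str = "") -> list[str]:
    """Hardened policy (assumed thresholds, not from the original page):
    minimum and maximum length, at least 3 of 4 character classes, not on
    the blocklist, does not contain the username, no run of one character
    repeated 4 or more times. Returns the list of failures (empty = accepted)."""
    failures: list[str] = []
    if len(password) < 12:
        failures.append("shorter than 12 characters")
    if len(password) > 128:
        failures.append("longer than 128 characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        failures.append("fewer than 3 of 4 character classes")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        failures.append("appears on the common-password blocklist")
    if username and username.lower() in lowered:
        failures.append("contains the username")
    # A character followed by three or more copies of itself (4+ in a row).
    if re.search(r"(.)\1{3,}", password):
        failures.append("contains a character repeated 4 or more times")
    return failures


def keyspace_bits(min_length: int, alphabet_size: int) -> float:
    """Size in bits of an exhaustive search over passwords of exactly
    min_length characters drawn from alphabet_size symbols. Illustrates why
    the minimum length dominates brute-force cost."""
    return min_length * math.log2(alphabet_size)


if __name__ == "__main__":
    samples = [
        ("abc123", ""),
        ("Correct-Horse-Battery-9", ""),
        ("Alice2024!Alice2024!", "alice"),
        ("aaaa1111BBBB!!!!", ""),
    ]
    for pw, user in samples:
        print(f"{pw!r}: weak={weak_policy(pw)} strong={strong_policy(pw, user)}")
    print(f"6 lowercase chars: {keyspace_bits(6, 26):.1f} bits")
    print(f"12 printable-ASCII chars: {keyspace_bits(12, 95):.1f} bits")
```

Running the block shows that `abc123` passes the weak policy but fails the hardened one on both length and character classes, while a 12-character password drawn from the full printable ASCII set has a keyspace roughly 50 bits larger than a 6-character lowercase one.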

Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


