Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-262 (未使用口令老化机制) — Vulnerability Class 5

5 vulnerabilities classified as CWE-262 (未使用口令老化机制). AI Chinese analysis included.

CWE-262 represents a security weakness where software fails to implement password aging mechanisms, allowing credentials to remain valid indefinitely. This vulnerability is typically exploited by attackers who obtain user credentials through phishing, brute force, or data breaches, as the stolen passwords retain access privileges for extended periods without requiring renewal. Without forced rotation, compromised accounts remain accessible until the attacker is detected or the password is manually changed. Developers mitigate this risk by enforcing strict password rotation policies that compel users to update their credentials after a predefined interval, such as thirty or ninety days. Additionally, implementing multi-factor authentication and monitoring for anomalous login activities further reduces the window of opportunity for attackers, ensuring that even if a password is compromised, its utility is significantly limited by time constraints and additional verification layers.

MITRE CWE Description
The product does not have a mechanism in place for managing password aging. Password aging (or password rotation) is a policy that forces users to change their passwords after a defined time period passes, such as every 30 or 90 days. Without mechanisms such as aging, users might not change their passwords in a timely manner. Note that while password aging was once considered an important security feature, it has since fallen out of favor by many, because it is not as effective against modern threats compared to other mechanisms such as slow hashes. In addition, forcing frequent changes can unintentionally encourage users to select less-secure passwords. However, password aging is still in use due to factors such as compliance requirements, e.g., Payment Card Industry Data Security Standard (PCI DSS).
Common Consequences (1)
Access ControlGain Privileges or Assume Identity
As passwords age, the probability that they are compromised grows.
Mitigations (2)
Architecture and DesignAs part of a product's design, require users to change their passwords regularly and avoid reusing previous passwords.
ImplementationDevelopers might disable clipboard paste operations into password fields as a way to discourage users from pasting a password into a clipboard. However, this might encourage users to choose less-secure passwords that are easier to type, and it can reduce the usability of password managers [REF-1294].
Effectiveness: Discouraged Common Practice
Examples (1)
A system does not enforce the changing of passwords every certain period.
CVE IDTitleCVSSSeverityPublished
CVE-2025-60010 Junos OS and Junos OS Evolved: Device allows login for user with expired password — Junos OS 5.4 Medium2025-10-09
CVE-2025-58435 Open OnDemand didn't rotate password for VNC batch_connect — ondemand 8.1AIHighAI2025-09-09
CVE-2023-1555 Missing Authorization in GitLab — GitLab 2.7 Low2023-09-01
CVE-2023-2022 Missing Authorization in GitLab — GitLab 4.3 Medium2023-08-02
CVE-2022-22767 BD Pyxis™ Products – Default Credentials — BD Pyxis™ Anesthesia ES Station 8.8 High2022-06-01

Vulnerabilities classified as CWE-262 (未使用口令老化机制) represent 5 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.