A07:2021 | Identification and Authentication Failures

Identification and Authentication Failures

Common Issues

  1. Weak Password Policies: Allowing users to choose passwords that are short, common, or already exposed in known breaches, so that they can be guessed or brute-forced.

  2. Credential Stuffing: Attackers replaying username/password pairs leaked from other sites' breaches against the login form, relying on password reuse and on the absence of rate limiting or a second factor.

  3. Session Hijacking: Stealing or predicting a session identifier (for example one sent over plain HTTP, stored in a cookie readable by script, or never rotated after login) to impersonate the legitimate user without ever learning the password.
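Credential stuffing leaves a distinctive trace in authentication logs: one source trying many different usernames in a short span, as opposed to brute force, which hammers one account. The following detector is an added example, not part of the original page; the log format it parses ("<ISO-8601 time> <source ip> <username> <OK|FAIL>") and the sample lines are constructed for the illustration, and the window and threshold values are assumptions to tune per site.

```python
"""Spot a credential-stuffing run in authentication logs.

Added example, not part of the original page. The log format is hypothetical:
"<ISO-8601 time> <source ip> <username> <OK|FAIL>" per line.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: one source cycles through many accounts in seconds
# (stuffing), another hammers a single account (brute force, a different signal).
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:02 203.0.113.7 bob FAIL
2024-05-01T10:00:03 203.0.113.7 carol FAIL
2024-05-01T10:00:04 203.0.113.7 dave FAIL
2024-05-01T10:00:05 203.0.113.7 erin FAIL
2024-05-01T10:00:06 203.0.113.7 frank OK
2024-05-01T10:00:07 198.51.100.4 alice FAIL
2024-05-01T10:00:30 198.51.100.4 alice FAIL
2024-05-01T10:01:00 198.51.100.4 alice OK
"""


def parse_log(text):
    """Yield (timestamp, ip, user, result) tuples, skipping blank lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result


def detect_stuffing(text, window=timedelta(minutes=5), min_users=5):
    """Return {ip: sorted distinct usernames} for every source that tried at
    least `min_users` different accounts inside some `window`-long span.
    Many usernames from one source is the stuffing signature; many attempts
    on a single username is brute force and is deliberately not flagged here."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ in parse_log(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        best, start = set(), 0
        for end in range(len(events)):              # sliding window over time
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_users:
            flagged[ip] = sorted(best)
    return flagged


def likely_compromised(text, flagged):
    """Accounts that logged in successfully from a flagged source: those are
    the reused credentials that worked, so reset them and revoke their sessions."""
    return sorted({user for _, ip, user, result in parse_log(text)
                   if ip in flagged and result == "OK"})


if __name__ == "__main__":
    hits = detect_stuffing(SAMPLE_LOG)
    print("stuffing sources:", hits)
    print("reset these accounts:", likely_compromised(SAMPLE_LOG, hits))
```

On the constructed sample, 203.0.113.7 is flagged (six accounts in six seconds) and frank is the account to reset; 198.51.100.4 is not flagged, because three attempts on alice is a single-account brute-force pattern that a separate per-account counter should catch. In production, feed the detector from the real login audit trail and key on more than the source address (ASN, user agent, or device fingerprint), since stuffing tools rotate through proxy pools.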

Mitigation Strategies

  • Enforce Strong Passwords: Require a minimum length (NIST SP 800-63B sets the floor at 8 characters and requires that at least 64 be allowed), screen every new password against lists of known breached passwords, and do not rely on composition rules alone, which push users toward predictable patterns such as "Password1!".

  • Multi-Factor Authentication (MFA): Require a second factor (an authenticator app, a hardware security key, or a push approval) so that a correct password on its own is not enough; this blunts credential stuffing even when the password has leaked. Throttle repeated failed logins per account and per source as well, so that stuffing runs are slowed down and show up in the logs.

  • Secure Session Management: Generate session identifiers with a cryptographically secure random generator, send them in cookies marked Secure, HttpOnly and SameSite, issue a fresh identifier after login, and expire sessions after a short idle period and after an absolute maximum lifetime.
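The three mitigations above, worked through in Python as an added example (this is not OWASP's code and not any library's API): a password check that enforces length and screens a breached-password list rather than composition rules, an RFC 6238 TOTP verifier as the second factor, and a session store with random identifiers, the Secure/HttpOnly/SameSite cookie attributes, idle and absolute timeouts, and identifier rotation after login. The breached-password set is a constructed stand-in, and the 12-character minimum, the cookie name and the timeout defaults are this example's own assumptions.

```python
"""Password screening, TOTP second factor and session handling.
Added example, not OWASP's or any project's code. The breached set, the
12-character minimum, cookie name and timeout defaults are assumptions.
"""
import hashlib, hmac, secrets, struct, time
from dataclasses import dataclass

# Constructed stand-in for a breached-password corpus; a real check queries a
# large list (e.g. Pwned Passwords via k-anonymity range lookups) instead.
BREACHED = {"password", "123456", "qwerty", "letmein", "password1!"}


def check_password(candidate, username="", min_len=12, max_len=128):
    """Return policy violations (empty list means acceptable). Per NIST SP
    800-63B: enforce length and breach screening, not composition rules.
    NIST's floor is 8 characters; 12 is this example's stricter default."""
    problems = []
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(candidate) > max_len:
        problems.append(f"longer than {max_len} characters")
    if candidate.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    return problems


def totp(secret, for_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a Unix timestamp."""
    counter = struct.pack(">Q", int(for_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def verify_totp(secret, code, now=None, skew=1):
    """Accept the current code or `skew` steps either side, compared in constant time."""
    now = time.time() if now is None else now
    return any(hmac.compare_digest(totp(secret, now + i * 30), code)
               for i in range(-skew, skew + 1))


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    """Server-side sessions: random ids, idle and absolute timeouts, rotation."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.time):
        self._sessions = {}
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self.clock = clock                      # injectable for tests

    def create(self, user):
        token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        now = self.clock()
        self._sessions[token] = Session(user, now, now)
        return token

    @staticmethod
    def cookie_header(token):
        """Set-Cookie value; the __Host- prefix forces Secure, Path=/ and no Domain."""
        return f"__Host-session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"

    def validate(self, token):
        """Return the user of a live session or None; expired sessions are purged."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if now - s.last_seen > self.idle_timeout or now - s.created > self.absolute_timeout:
            self.destroy(token)
            return None
        s.last_seen = now
        return s.user

    def rotate(self, token):
        """Issue a new id on login or step-up (defeats session fixation);
        the absolute lifetime carries over from the old session."""
        user = self.validate(token)
        if user is None:
            return None
        created = self._sessions[token].created
        self.destroy(token)
        new = self.create(user)
        self._sessions[new].created = created
        return new

    def destroy(self, token):
        self._sessions.pop(token, None)
```

The TOTP routine reproduces the RFC 6238 reference vector: the ASCII secret "12345678901234567890" at Unix time 59 yields 287082. Pass a fake clock into SessionStore to exercise the timeouts; in a real deployment the session dict would be a shared cache or database, and `rotate` would be called immediately after a successful password-plus-TOTP login so that any identifier the browser held before authentication is worthless.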

