gpw generates shorter passwords than required
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gpw | Gpw_project | 0.0.19940601-8.1 (including) | 0.0.19940601-8.1 (including) |
| Gpw | Ubuntu | artful | * |
| Gpw | Ubuntu | bionic | * |
| Gpw | Ubuntu | cosmic | * |
| Gpw | Ubuntu | devel | * |
| Gpw | Ubuntu | disco | * |
| Gpw | Ubuntu | eoan | * |
| Gpw | Ubuntu | esm-apps/bionic | * |
| Gpw | Ubuntu | esm-apps/focal | * |
| Gpw | Ubuntu | esm-apps/jammy | * |
| Gpw | Ubuntu | esm-apps/noble | * |
| Gpw | Ubuntu | esm-apps/xenial | * |
| Gpw | Ubuntu | focal | * |
| Gpw | Ubuntu | groovy | * |
| Gpw | Ubuntu | hardy | * |
| Gpw | Ubuntu | hirsute | * |
| Gpw | Ubuntu | impish | * |
| Gpw | Ubuntu | jammy | * |
| Gpw | Ubuntu | kinetic | * |
| Gpw | Ubuntu | lucid | * |
| Gpw | Ubuntu | lunar | * |
| Gpw | Ubuntu | mantic | * |
| Gpw | Ubuntu | maverick | * |
| Gpw | Ubuntu | natty | * |
| Gpw | Ubuntu | noble | * |
| Gpw | Ubuntu | oneiric | * |
| Gpw | Ubuntu | oracular | * |
| Gpw | Ubuntu | precise | * |
| Gpw | Ubuntu | quantal | * |
| Gpw | Ubuntu | raring | * |
| Gpw | Ubuntu | saucy | * |
| Gpw | Ubuntu | trusty | * |
| Gpw | Ubuntu | utopic | * |
| Gpw | Ubuntu | vivid | * |
| Gpw | Ubuntu | wily | * |
| Gpw | Ubuntu | xenial | * |
| Gpw | Ubuntu | yakkety | * |
| Gpw | Ubuntu | zesty | * |
A product’s design should require adherance to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes:
Depending on the threat model, the password policy may include several additional attributes.
See NIST 800-63B [REF-1053] for further information on password requirements.