| CARVIEW |
Select Language
HTTP/2 200
date: Sun, 12 Oct 2025 05:06:11 GMT
content-type: text/html; charset=utf-8
cf-ray: 98d41102da04c7d4-BLR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
age: 0
cache-control: max-age=600
expires: Sun, 12 Oct 2025 05:16:11 GMT
last-modified: Thu, 09 Oct 2025 23:50:10 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
permissions-policy: geolocation=(self)
referrer-policy: same-origin
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-fastly-request-id: 2194cf216f9d7d18d0eee3b9d3fca6c278931123
x-frame-options: SAMEORIGIN
x-github-request-id: D67E:2F1BFB:73380:901C7:68EB373F
x-origin-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-bom-vanm7210049-BOM
x-timer: S1760245571.097223,VS0,VE287
content-encoding: gzip
Empty String Password | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners.
Acceptx
Empty String Password
NVD Categorization
CWE-20: Improper Input Validation: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Description
Using an empty string as a password is insecure. It is never appropriate to use an empty string as a password. It is too easy to guess. An empty string password makes the authentication as weak as the user names, which are normally public or guessable. This makes a brute-force attack against the login interface much easier.
The OWASP® Foundation works to improve the security of software through its community-led open source software projects,
hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.