4.14. Configuration and Policy Security
4.14.1. Authentication Policy
4.14.1.1. Password Policy
No minimum password length is enforced
No required character set is enforced
Common passwords
- Based on personal information
    Phone number
    Birthday
    Name
    Username
- Common weak passwords are not detected
    Leaked common passwords
    Keyboard patterns
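As an added example (not part of the original notes), a server-side check that reports each password weakness listed above. The thresholds, the tiny inline leaked-password set, and the sample profile are assumptions made for illustration; a real deployment would load a breached-password corpus.

```python
import re

# Constructed sample data and assumed policy values (not from the original page).
LEAKED = {"123456", "password", "qwerty123", "letmein", "iloveyou"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
PROFILE = {"username": "jdoe", "name": "Jane Doe",
           "phone": "555-0100", "birthday": "1990-05-17"}
MIN_LENGTH = 12   # minimum password length
MIN_CLASSES = 3   # of: lowercase, uppercase, digit, symbol
WALK_LEN = 4      # adjacent keys in a row that count as a keyboard pattern
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^0-9A-Za-z]")

def has_keyboard_walk(pw):
    """True if pw contains WALK_LEN adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - WALK_LEN + 1):
                if seq[i:i + WALK_LEN] in low:
                    return True
    return False

def personal_tokens(profile):
    """Lowercased fragments of the user's phone, birthday, name and username."""
    tokens = set()
    for value in profile.values():
        text = str(value).lower()
        tokens.update(p for p in re.split(r"[^0-9a-z]+", text) if len(p) >= 3)
        digits = re.sub(r"\D", "", text)  # e.g. 1990-05-17 -> 19900517
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens

def check_password(pw, profile):
    """Return the list of policy findings for pw; an empty list means accepted."""
    findings = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if sum(bool(re.search(c, pw)) for c in CLASSES) < MIN_CLASSES:
        findings.append("too_few_character_classes")
    if any(tok in low for tok in personal_tokens(profile)):
        findings.append("contains_personal_info")
    if low in LEAKED:
        findings.append("leaked_password")
    if has_keyboard_walk(pw):
        findings.append("keyboard_pattern")
    return findings
```

Run the check at registration and at every password change, passing the profile fields of the account being updated.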
4.14.1.2. Encryption Implementation
Private keys are stored on the client side
4.14.2. Permission Configuration
Operations and maintenance staff permissions are too coarse-grained
Customer service staff permissions are too coarse-grained
4.14.3. Supply Chain Security
4.14.3.1. Third-Party Authentication
A compromised third-party service account is used to log in to accounts on other platforms
4.14.3.2. Third-Party Libraries/Software
Not updated promptly after a vulnerability is disclosed