Password Policy Password Hint contains password

Rule ID

SF-0182

Impact

Potential vulnerability when accessing accounts.

Remediation

Restrict the answer to the password hint question to “DoesNotContainPassword”.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-521 Weak Password Requirements.