huntr: vanilla-ctrl, report 00E464CE-53B9-485D-AC62-6467881654C2
History: Sep 13, 2022 - 9:56 a.m.

Password Can be set to very weak

2022-09-13 09:56:39
vanilla-ctrl
www.huntr.dev
7
password policy
weak password
security testing
bug bounty

EPSS

0.002

Percentile

57.1%

Description

For testing the issue, I have used the demo website. In the edit user profile section we can set New Password to 1 (or any character). There is no password policy and no password checking. Moreover, it also allows us to change the password, and the new password can also be set to a weak password.

Proof of Concept

Access the demo website and log in as an admin. Edit a user with New password 1 or any character (short, weak). Try to log in as the new user and it succeeds.

With a normal user, log in and try the change password function; it also succeeds.
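The missing control in this report is a server-side password policy applied on every path that sets a password: the admin "edit user" flow and the self-service "change password" flow. The following is an added illustration, not code from vanilla-ctrl or from the reporter; it assumes a hypothetical `set_password` entry point that both flows call, a constructed denylist, and arbitrary policy thresholds (12 characters, 3 character classes) chosen for the example.

```python
import hashlib
import os
import re
import unicodedata

# Policy thresholds are assumptions for this example, not vanilla-ctrl settings.
MIN_LENGTH = 12
MAX_LENGTH = 128
MIN_CLASSES = 3

# Constructed, deliberately tiny denylist; a real deployment would check
# candidates against a large breached-password corpus instead.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein", "admin", "welcome"}


class PolicyError(ValueError):
    """Raised when a candidate password does not satisfy the policy."""


def password_policy_violations(password: str, username: str = "") -> list:
    """Return every reason the candidate is rejected; an empty list means it is acceptable."""
    pw = unicodedata.normalize("NFKC", password)  # compare Unicode forms consistently
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    # Count how many of lower / upper / digit / symbol are present.
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes (lower, upper, digit, symbol)")
    if len(set(pw)) < 4:
        problems.append("uses too few distinct characters")
    return problems


def set_password(store: dict, username: str, new_password: str) -> None:
    """Store a salted PBKDF2 hash for `username`, but only after the policy passes.

    Hypothetical single entry point: both the admin 'edit user' path and the
    self-service 'change password' path are expected to call this, so neither
    path can bypass the check.
    """
    problems = password_policy_violations(new_password, username)
    if problems:
        raise PolicyError("; ".join(problems))
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode("utf-8"), salt, 600_000)
    store[username] = {"salt": salt, "hash": digest}


if __name__ == "__main__":
    users = {}
    for candidate in ("1", "password", "Correct-Horse-7battery"):
        try:
            set_password(users, "alice", candidate)
            print(f"{candidate!r}: accepted")
        except PolicyError as exc:
            print(f"{candidate!r}: rejected ({exc})")
```

Returning the full list of violations (rather than the first one) lets the UI show users everything they need to fix in one round trip, while the single `set_password` chokepoint is what prevents the two flows in the proof of concept from diverging.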
