huntr | Ahmedvienna | 01D6AE23-3A8F-42A8-99F4-10246187D71B
History: Mar 10, 2023 - 8:17 a.m.

Weak Password Policy while creating a new User with the Admin Account

2023-03-10 08:17:37
ahmedvienna
www.huntr.dev

EPSS: 0.002 Low (percentile: 54.8%)

Hello,

I was able to detect a weak Password Policy while allowing an administrator to create a new account.

Let's create an account, set the Password to 1 and log in with it.

As you can see, it's number 1. When I click set, it will not accept.

We need to specify that the user will change his password after login.

Then the password field will be hidden and the password 1 will be accepted.

Let's see.


User created successfully with a weak password policy and password 1 -> let's try to log in.

user: ahmed2
pass: 1


We are successfully logged in.

Thank you for watching.
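
Added example, not part of the report and not the affected application's code (which the page does not show): a minimal Python model of the behaviour described above, where the password check is skipped once the change-after-login option is selected, beside a version that validates on every path. All function names and the policy values are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_LENGTH = 12  # constructed policy value, not taken from the report


class WeakPassword(ValueError):
    """Raised when a password fails the (constructed) policy."""


@dataclass
class NewUser:
    username: str
    password: str
    must_change_at_login: bool = False  # hypothetical name for the UI option


def policy_violations(password: str) -> list[str]:
    """Return the reasons a password fails the constructed policy."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.isdigit() or password.isalpha():
        problems.append("uses a single character class")
    return problems


def create_user_flawed(user: NewUser) -> str:
    # Models the reported behaviour: validation only runs when the
    # change-after-login option is NOT selected.
    if not user.must_change_at_login:
        problems = policy_violations(user.password)
        if problems:
            raise WeakPassword("; ".join(problems))
    return user.username


def create_user_hardened(user: NewUser) -> str:
    # A temporary password is a live credential until it is changed,
    # so the policy is enforced server-side regardless of the flag.
    problems = policy_violations(user.password)
    if problems:
        raise WeakPassword("; ".join(problems))
    return user.username
```

A regression test for this class of bug should submit the weak password with the option both set and unset, and expect rejection in both cases.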
