Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrNehalr7771F6A5E49-23F2-45F7-8661-19F9CEE8AE97
HistorySep 26, 2022 - 6:52 p.m.

Bypassing application logic to set a blank password

2022-09-2618:52:01
nehalr777
www.huntr.dev
6
application logic
password policy
blank password
vulnerability

0.001 Low

EPSS

Percentile

21.6%

JSON

Description

As you many observe that rdiffweb strictly has a password policy where it prompts out that the password should be between 8 and 128 characters . But the application does not filter blank spaces used in a password

Proof of Concept

1) Go to https://rdiffweb-demo.ikus-soft.com/prefs/general
2) Change the password . Old password - admin123 and set the new password as 10 blank spaces(tapping the space bar 10 times)
3) You can see that the application accepts blank spaces in a password and do not scrape them out

Related

cnvd 1
veracode 1
nvd 1
osv 3
cve 1
prion 1
cvelist 1
github 1
cnvd
cnvd
Rdiffweb weak password vulnerability
2022-09-30 00:00:00
veracode
veracode
Authentication Bypass
2022-10-03 03:15:33
nvd
nvd
CVE-2022-3326
2022-09-29 00:15:12
osv
osv
CVE-2022-3326
2022-09-29 00:15:12
rdiffweb vulnerable to password complexity bypass leading to weak passwords
2022-09-30 00:00:47
PYSEC-2022-297
2022-09-29 00:15:00
cve
cve
CVE-2022-3326
2022-09-29 00:15:12
prion
prion
Default credentials
2022-09-29 00:15:00
cvelist
cvelist
CVE-2022-3326 Weak Password Requirements in ikus060/rdiffweb
2022-09-28 23:45:11
github
github
rdiffweb vulnerable to password complexity bypass leading to weak passwords
2022-09-30 00:00:47

0.001 Low

EPSS

Percentile

21.6%

JSON
Related for 1F6A5E49-23F2-45F7-8661-19F9CEE8AE97
cnvd1veracode1nvd1osv3cve1prion1cvelist1github1