strong Password Policy Bypass through removing a specific Parameter and setting the Passwort to 1

Hello,

i was able to detect another password security issue.

While changing the password the attacker can use the proxy and submit for example password as 1.

Altough there is a passwort policy restriction but i managed to bypass that.

Let me show you :)

The Password is now 2 lets change it to HACK

As you can see we have a password policy at least 8 characters with one digit.

Lets change the password to 1 by deleting the first newpassword and leaving the confirmation.

After that we will login with the passwort 1 to the app.

lets see :)

changed the passwort from 2 to 1 lets see the reply and output

profile and passwort accepted.

lets login with the username: [email protected]
adn PASS: 1

As you can see the password is 1 lets login.

as you can see we have logged in successfully.

Will show it you again.

Bypass for the strong password policy.

Thank you for watching :)