Hello,
i was able to detect another password security issue.
While changing the password the attacker can use the proxy and submit for example password as 1.
Altough there is a passwort policy restriction but i managed to bypass that.
Let me show you :)
As you can see we have a password policy at least 8 characters with one digit.
Lets change the password to 1 by deleting the first newpassword and leaving the confirmation.
After that we will login with the passwort 1 to the app.
changed the passwort from 2 to 1 lets see the reply and output
profile and passwort accepted.
lets login with the username: [email protected]
adn PASS: 1
As you can see the password is 1 lets login.
as you can see we have logged in successfully.
Will show it you again.
Bypass for the strong password policy.
Thank you for watching :)