Description

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Proof of Concept

Steps to reproduce

1. Login to admin account.
2. Drom user account setup create a new user.
3. Full the form username `user3` and password single character `a`.
4. Account created successfully without any password restriction.