Dear Ladies and Gentlemen,
First of all, thank you for your time and effort in reading my report.
While doing the penetration test I was able to identify a weak password policy during registration and password changing, allowing an attacker to easily exploit an account takeover vulnerability.
This is because no password policy is in place. The user is not required to follow any strong password policy or minimum number of characters when submitting a password. Therefore the user can submit “1” as a password and it will be accepted. After that, an attacker can easily guess the correct password, and automate the process of guessing it, due to the weak password.
The process of the vulnerability:
The attacker can therefore automate the process of password guessing through Burp Suite Intruder because of the weak password.
Mitigation:
Please set a minimum number of characters for submitted passwords, for example 8 characters.
Do not allow the password to be set to "1" or to easily guessable values such as the username.
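As an added example (not part of the original report and not the target's own code), the following Python check implements the two mitigation points above and should be applied on both the registration and the password-change path. The minimum length of 8, the case-insensitive comparison against the username, and the small blocklist of trivial passwords are assumptions made here for illustration; the blocklist is constructed and a real deployment would use a much larger list of known-breached passwords.

```python
"""Minimal server-side password-policy check (illustrative example).

Assumptions made for this example, not taken from the report: a minimum
length of 8 characters, rejection of the username (case-insensitive) and
of passwords containing it, and a small constructed blocklist.
"""

MIN_LENGTH = 8

# Constructed blocklist for illustration only; "1" is the value the report
# shows being accepted. Production systems should use a breached-password list.
TRIVIAL_PASSWORDS = {"1", "123456", "12345678", "password", "qwerty"}


def validate_password(password: str, username: str) -> list[str]:
    """Return a list of policy violations; an empty list means the password is accepted.

    Call this on every path that sets a password (registration and
    password change), so the same rules apply everywhere.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"password must be at least {MIN_LENGTH} characters")
    if password.lower() in TRIVIAL_PASSWORDS:
        problems.append("password is on the trivial-password blocklist")
    if username and password.lower() == username.lower():
        problems.append("password must not equal the username")
    # Also reject passwords that merely embed the username, e.g. "ahmed2024"
    elif username and len(username) >= 4 and username.lower() in password.lower():
        problems.append("password must not contain the username")
    return problems


def is_acceptable(password: str, username: str) -> bool:
    """True when validate_password reports no violations."""
    return not validate_password(password, username)


if __name__ == "__main__":
    # Show how the weak values from the report are now rejected
    for pw in ["1", "ahmed", "Ahmed123!", "correct horse battery"]:
        print(repr(pw), "->", validate_password(pw, "ahmed") or "accepted")
```

Returning the full list of violations, rather than stopping at the first one, lets the registration form show the user every rule the password failed, while the boolean wrapper is what the request handler should gate on.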
Finally, I want to thank you for your time and effort and hope to hear from you soon.
Best regards
Ahmed Hassan