huntr / uonghoangminhchau / DD19C7D0-70F1-4D86-A552-611DFA8E0139
May 31, 2023 - 10:25 a.m.

The web app does not verify weak password at backend

Reported 2023-05-31 10:25:38 by uonghoangminhchau on www.huntr.dev
Tags: weak password, backend verification, login bypass

EPSS: 0.001 (Low), percentile 42.7%

Description

Log in to the demo website: https://cloudexplorer-lite-demo.fit2cloud.com/

In the change-password function, the backend does not validate the strength of the new password. Any rule that exists is enforced only in the frontend, so a user can:

1/ Set the new password to the same value as the old password.

2/ Set a one-character password, such as 1. This bypasses the frontend check, because the request can be sent directly to the backend (for example, replayed from an intercepting proxy) without going through the browser-side validation.
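The fix the report implies is to enforce the password policy on the server, where it cannot be skipped. The block below is an added example, not CloudExplorer Lite's code (the project's real endpoint, storage and policy are not shown on this page). It assumes a hypothetical in-memory user store with PBKDF2 hashes and a made-up policy (minimum length, character classes, no username, no reuse of the current password), and shows that both cases from the report are rejected no matter what the browser did.

```python
import hashlib
import hmac
import os
import re

# Constructed in-memory user store for this example. A real backend would use
# its database and its own password hashing (bcrypt/Argon2 are better choices).
_USERS = {}

PBKDF2_ITERATIONS = 100_000
MIN_LENGTH = 8
_CLASSES = [re.compile(r"[a-z]"), re.compile(r"[A-Z]"),
            re.compile(r"[0-9]"), re.compile(r"[^A-Za-z0-9]")]


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def _store_password(username: str, password: str) -> None:
    # Fresh salt on every (re)store so a changed password never shares a hash.
    salt = os.urandom(16)
    _USERS[username] = {"salt": salt, "hash": _hash_password(password, salt)}


def verify_password(username: str, password: str) -> bool:
    rec = _USERS.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def password_policy_errors(username: str, new_password: str) -> list:
    """Server-side policy. Returns the list of violations; empty means acceptable."""
    errors = []
    if len(new_password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    if sum(1 for c in _CLASSES if c.search(new_password)) < 3:
        errors.append("needs at least three of: lowercase, uppercase, digit, symbol")
    if username.lower() in new_password.lower():
        errors.append("contains the username")
    # Case 1 from the report: reusing the current password is a policy violation too.
    if verify_password(username, new_password):
        errors.append("same as the current password")
    return errors


def change_password(username: str, old_password: str, new_password: str) -> tuple:
    """What the change-password endpoint should run on every request.

    It repeats every check the frontend performs, because a client can send
    the request straight to the backend and skip the browser-side validation.
    """
    if not verify_password(username, old_password):
        return (False, "current password is wrong")
    errors = password_policy_errors(username, new_password)
    if errors:
        return (False, "weak password: " + "; ".join(errors))
    _store_password(username, new_password)
    return (True, "password changed")


if __name__ == "__main__":
    _store_password("demo", "Old-Passw0rd!")
    # Case 1: new password identical to the old one.
    print(change_password("demo", "Old-Passw0rd!", "Old-Passw0rd!"))
    # Case 2: one-character password sent directly to the backend.
    print(change_password("demo", "Old-Passw0rd!", "1"))
    # A password that satisfies the policy.
    print(change_password("demo", "Old-Passw0rd!", "N3w-Passw0rd?"))
```

The policy values here are illustrative; what matters is that `change_password` is the only path that writes a new hash and that it never trusts a flag such as "validated by the UI" sent by the client.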

Proof of Concept

PoC video: https://drive.google.com/file/d/1t8Wz8lXIrcfmCRrW07zrsJ38v0ZX7m2h/view?usp=sharing
