3 matches found
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2022-22110 DayByDay CRM - Weak Password Requirements in Update User
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2022-22110
CVE-2022-22110 affects Daybyday CRM; versions 1.1–2.2.0 are impacted due to weak password validation in the user-password update flow. The underlying issue is insufficient enforcement of password strength during password changes performed by users with update privileges, enabling the use of very ...