2 matches found
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
CVE-2024-52008
Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...