GHSA-V7VM-RHMG-8J2R Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Summary The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...