EPSS Percentile: 61.7%
calibreweb is vulnerable to Weak Password Requirements. The vulnerability exists in the generate_random_password function of helper.py, which allows users to create weak passwords, resulting in account takeovers via brute-force attacks.
github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
github.com/janeczku/calibre-web/commit/8ee34bf428f4bdb43c5b4d3841f5c4e063d21921
huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781