Weak password policy while creating a new user with the admin account in thorsten/phpmyfaq
Reported on Mar 10th 2023
Hello,
I was able to detect a weak password policy while allowing an administrator to create a new account.
Let's create an account, set the password to 1 and log in with it.
As you can see, it's number 1. When I click set, it will not accept it.
We need to specify that the user will change his password after login.
Then the password field will be hidden and the password 1 will be accepted.
Let's see.
User created successfully with a weak password policy and password 1 -> let's try to log in.
user: ahmed2 pass: 1
We are successfully logged in.
Thank you for watching.
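A server-side check that closes the gap described in the report, shown as an added example and not phpMyFAQ's own code. The function names, the form field names and the policy values (8 characters, 4 distinct characters) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not phpMyFAQ code. Names and policy values are assumptions.
const MIN_PASSWORD_LENGTH = 8;   // length in bytes
const MIN_DISTINCT_CHARS  = 4;   // rejects values such as "11111111"

/** Returns a list of policy violations; an empty list means acceptable. */
function passwordPolicyViolations(string $password): array
{
    $violations = [];
    if (strlen($password) < MIN_PASSWORD_LENGTH) {
        $violations[] = 'shorter than ' . MIN_PASSWORD_LENGTH . ' characters';
    }
    // count_chars(..., 3) returns a string of every distinct byte used.
    if (strlen(count_chars($password, 3)) < MIN_DISTINCT_CHARS) {
        $violations[] = 'fewer than ' . MIN_DISTINCT_CHARS . ' distinct characters';
    }
    return $violations;
}

/**
 * Handles the admin "add user" form. The policy check always runs; the
 * "must change password after login" flag never skips it. When that flag is
 * set and no password is submitted, a random temporary password is generated.
 */
function createUser(array $form): array
{
    $username   = trim((string) ($form['username'] ?? ''));
    $password   = (string) ($form['password'] ?? '');
    $mustChange = !empty($form['must_change_password']);

    if ($password === '' && $mustChange) {
        $password = bin2hex(random_bytes(16)); // 32 hex characters
    }
    $violations = passwordPolicyViolations($password);
    if ($violations !== []) {
        return ['ok' => false, 'errors' => $violations];
    }
    return [
        'ok'                   => true,
        'username'             => $username,
        'hash'                 => password_hash($password, PASSWORD_DEFAULT),
        'must_change_password' => $mustChange,
    ];
}

// Constructed input mirroring the report: password "1" with the flag set.
var_dump(createUser(['username' => 'ahmed2', 'password' => '1', 'must_change_password' => '1']));
// Constructed input: flag set, no password submitted by the admin.
var_dump(createUser(['username' => 'ahmed2', 'password' => '', 'must_change_password' => '1'])['ok']);
```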