Weak Password Policy in polonel/trudesk
May 17th 2022
I would like to let you know about the password management issue.
Proof of Concept
1- Go to your Profile or https://docker.trudesk.io/profile
2- Give a password as simple as 12345678.
You can see that your password has been changed and there is no strong enforcement.
This password can easily be cracked using a dictionary attack.
Use complex password management.
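
One way to enforce a minimum policy on the server side at the password-change step, as an added example that is not trudesk's own code. The function names, the deny list and the thresholds are assumptions chosen for illustration:

```javascript
// Added example: server-side password policy check (hypothetical helper, not trudesk code).
const MIN_LENGTH = 12; // assumption: illustrative policy value

// Constructed sample deny list; a real deployment would load a large breached-password list.
const COMMON_PASSWORDS = new Set([
  '12345678', 'password', 'qwertyuiop', 'letmein123', 'password1234',
]);

// True when the whole string is one ascending or descending run,
// e.g. "12345678" or "hgfedcba".
function isSequential(pw) {
  if (pw.length < 2) return false;
  const step = pw.charCodeAt(1) - pw.charCodeAt(0);
  if (Math.abs(step) !== 1) return false;
  for (let i = 2; i < pw.length; i++) {
    if (pw.charCodeAt(i) - pw.charCodeAt(i - 1) !== step) return false;
  }
  return true;
}

// Returns { ok, problems } so the caller can reject the change and
// tell the user which rule failed.
function checkPassword(password, username = '') {
  const pw = String(password);
  const lower = pw.toLowerCase();
  const problems = [];

  if (pw.length < MIN_LENGTH) problems.push('too_short');
  if (COMMON_PASSWORDS.has(lower)) problems.push('common_password');
  if (isSequential(pw)) problems.push('sequential');
  if (new Set(pw).size <= 2) problems.push('low_variety'); // e.g. "aaaaaaaa"
  if (username && lower.includes(username.toLowerCase())) {
    problems.push('contains_username');
  }

  // Count how many of: lowercase, uppercase, digit, symbol are present.
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  if (classes < 3) problems.push('few_character_classes');

  return { ok: problems.length === 0, problems };
}
```

Run the check in the password-change handler before the new password is hashed and stored, and reject the request when `ok` is false.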