Weak Password Policy in polonel/trudesk

Valid

Reported on

May 17th 2022


Description

I would like to let you know about the password management issue.

Proof of Concept

1- Go to your Profile or https://docker.trudesk.io/profile

2- Give a password as simple as 12345678.

You can see that the password has been changed and there is no strong enforcement.

Impact

This password can easily be cracked using a dictionary attack.

Fix:

Use complex password management.
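A server-side password-policy check of the kind the suggested fix calls for, added here as an illustration (it is not trudesk's own code, and the deny-list, the thresholds and the function names are assumptions). It rejects the "12345678" case from the proof of concept on several independent grounds, and also refuses passwords that contain the account's own username or e-mail local part:

```javascript
// Added example, not code from the trudesk project: a minimal password-policy
// validator to run before a new password is accepted and hashed.

// Constructed deny-list of very common passwords. A real deployment would load
// a much larger list (e.g. a breached-password corpus) from disk or a service.
const COMMON_PASSWORDS = new Set([
  '12345678', 'password', 'password1', 'qwerty123',
  'letmein', '11111111', 'iloveyou', 'trudesk123',
]);

// Assumed policy thresholds; adjust to the deployment's requirements.
const DEFAULT_POLICY = { minLength: 12, maxLength: 128, minClasses: 3 };

// Number of distinct character classes (lower, upper, digit, symbol) used.
function characterClasses(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n++;
  if (/[A-Z]/.test(pw)) n++;
  if (/[0-9]/.test(pw)) n++;
  if (/[^A-Za-z0-9]/.test(pw)) n++;
  return n;
}

// True when the whole password is one ascending or descending run of
// consecutive character codes, such as "12345678" or "abcdefgh".
function isSequential(pw) {
  if (pw.length < 4) return false;
  let asc = true;
  let desc = true;
  for (let i = 1; i < pw.length; i++) {
    const d = pw.charCodeAt(i) - pw.charCodeAt(i - 1);
    if (d !== 1) asc = false;
    if (d !== -1) desc = false;
  }
  return asc || desc;
}

// True when the password is a single character repeated ("aaaaaaaaaaaa").
function isRepeated(pw) {
  return /^(.)\1+$/.test(pw);
}

// Returns { ok, reasons }. `context` may carry account data such as
// { username, email } so that passwords derived from them are refused.
function checkPasswordPolicy(password, context = {}, policy = DEFAULT_POLICY) {
  if (typeof password !== 'string') {
    return { ok: false, reasons: ['password must be a string'] };
  }
  const reasons = [];
  const lower = password.toLowerCase();

  if (password.length < policy.minLength) {
    reasons.push(`shorter than ${policy.minLength} characters`);
  }
  if (password.length > policy.maxLength) {
    reasons.push(`longer than ${policy.maxLength} characters`);
  }
  if (COMMON_PASSWORDS.has(lower)) reasons.push('appears on the common-password list');
  if (isSequential(password)) reasons.push('is a sequential run of characters');
  if (isRepeated(password)) reasons.push('is a single repeated character');
  if (characterClasses(password) < policy.minClasses) {
    reasons.push(`uses fewer than ${policy.minClasses} character classes`);
  }

  // Refuse passwords that embed the username or the local part of the e-mail.
  for (const [name, value] of Object.entries(context)) {
    if (typeof value !== 'string') continue;
    const needle = (name === 'email' ? value.split('@')[0] : value).toLowerCase();
    if (needle.length >= 3 && lower.includes(needle)) {
      reasons.push(`contains the account ${name}`);
    }
  }

  return { ok: reasons.length === 0, reasons };
}

module.exports = { checkPasswordPolicy, characterClasses, isSequential, isRepeated };
```

In a profile-update route the handler would call `checkPasswordPolicy(req.body.password, { username, email })` before hashing and answer with a 400 and the `reasons` array when `ok` is false, so the user learns why the password was refused rather than having it silently accepted as in the proof of concept.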

We are processing your report and will contact the polonel/trudesk team within 24 hours. a year ago
Chris assigned a CVE to this report a year ago
Chris validated this vulnerability a year ago

This has been fixed in v1.2.2. I will update this report once it has been released.

Vishal Vishwakarma has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris marked this as fixed in 1.2.2 with commit 13dd6c a year ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE