Weak Password Implimentation in kiwitcms/kiwi
Dec 2nd 2022
Description: We can change the password with just 1 character when we use change password function.
Proof of Concept When you change password, just press any character and then submit. You will see "Your password has been changed".
When users change password to a simple password (with any character or symbol), attacker can easily guess user password and access account.