Weak Password Requirements in fobybus/social-media-skeleton

Valid

Reported on Aug 15th 2023


Weak password requirements are password policies that are too lax and allow users to create passwords that are easy to guess or crack. This can make it easier for attackers to gain unauthorized access to accounts and systems.

It was discovered that the validation takes place only in the client-side code and not on the server; it can be easily bypassed using proxy tools.

Impact

Data breaches. When attackers are able to gain unauthorized access to accounts and systems, they can steal sensitive data, such as credit card numbers, Social Security numbers, and passwords.

Identity theft. Attackers who gain access to personal information can use it to commit identity theft. This can lead to a number of problems, such as opening new accounts in your name, filing fraudulent tax returns, and making unauthorized charges on your credit cards.
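The kind of server-side check the report found missing, as an added example (not the project's code and not the fix in commit a652e1). The policy values, the `new_password` field name, and the `password_violations` and `change_password` functions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy values for illustration; the report does not state the project's rules.
const MIN_LENGTH = 12;
const MAX_BYTES  = 72; // bcrypt truncates input past 72 bytes
const DENYLIST   = ['password1234', 'qwertyuiop12', '123456789012']; // constructed sample

/** Returns a list of policy violations; an empty list means the password is accepted. */
function password_violations(string $password, string $username): array
{
    $errors = [];
    if (mb_strlen($password, 'UTF-8') < MIN_LENGTH) {
        $errors[] = 'too short';
    }
    if (strlen($password) > MAX_BYTES) {
        $errors[] = 'too long';
    }
    if (in_array(mb_strtolower($password, 'UTF-8'), DENYLIST, true)) {
        $errors[] = 'commonly used password';
    }
    if ($username !== '' && mb_stripos($password, $username, 0, 'UTF-8') !== false) {
        $errors[] = 'contains the username';
    }
    return $errors;
}

/** Hypothetical handler: runs on every request, whatever the browser validated. */
function change_password(array $post, string $username): array
{
    $password = $post['new_password'] ?? '';
    if (!is_string($password)) {
        return ['status' => 400, 'errors' => ['malformed request']];
    }
    $errors = password_violations($password, $username);
    if ($errors !== []) {
        return ['status' => 422, 'errors' => $errors];
    }
    // Store only the hash; persistence is left to the caller.
    return ['status' => 200, 'hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed requests: the first is what arrives when the client-side check is skipped.
foreach (['123', 'correct horse battery staple'] as $candidate) {
    $result = change_password(['new_password' => $candidate], 'alice');
    echo $candidate, ' => ', $result['status'], ' ', implode(', ', $result['errors'] ?? []), PHP_EOL;
}
```

Any client-side check can stay for user feedback, but the server's decision is the only one that counts toward acceptance.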

We are processing your report and will contact the fobybus/social-media-skeleton team within 24 hours. a month ago
We have contacted a member of the fobybus/social-media-skeleton team and are waiting to hear back a month ago
fobybus gave praise a month ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
fobybus validated this vulnerability a month ago
zodiac0704 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
fobybus marked this as fixed in 1.0.5 with commit a652e1 a month ago
fobybus has been awarded the fix bounty
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Aug 24th 2023
setting.php#L41 has been validated
fobybus published this vulnerability a month ago