Weak Password Policy in kromitgmbh/titra
Jun 8th 2022
This page is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
Proof of Concept
1. Go to https://app.titra.io/join
2. Register a new account with a weak password, such as 123456
3. The registration succeeds.
- An attacker could easily guess user passwords and gain access to user accounts.
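
A registration-time check that would reject the password from the proof of concept, covering the weak-password categories described above (short, common, based on the user name, common variations). This is an added example, not titra's code: the function names, the 12-character minimum and the small deny-list are assumptions.

```javascript
// Added example: hypothetical password policy check, not titra's code.
// COMMON_PASSWORDS is a tiny constructed sample; a real deployment would
// load a large list of common and breached passwords instead.
const COMMON_PASSWORDS = new Set([
  '123456', '12345678', 'password', 'qwerty', 'admin', 'letmein', 'welcome',
]);
const MIN_LENGTH = 12; // assumed threshold

const SUBSTITUTIONS = { '@': 'a', '4': 'a', '0': 'o', '1': 'i', '3': 'e', '$': 's', '5': 's', '7': 't' };

// Lowercase, drop trailing digits/symbols and undo common substitutions,
// so that "P@ssw0rd1!" is compared as "password".
function normalize(value) {
  return value
    .toLowerCase()
    .replace(/[^a-z]+$/, '')
    .replace(/[@401357$]/g, (c) => SUBSTITUTIONS[c]);
}

// Returns a list of policy violations; an empty list means the password is accepted.
function checkPassword(password, username = '') {
  if (typeof password !== 'string') return ['not_a_string'];
  const problems = [];
  const lower = password.toLowerCase();
  const norm = normalize(password);

  // Count code points, not UTF-16 units, so emoji are not double counted.
  if ([...password].length < MIN_LENGTH) problems.push('too_short');

  if (COMMON_PASSWORDS.has(lower) || COMMON_PASSWORDS.has(norm)) problems.push('common');

  // Compare against the user name and the local part of an e-mail address.
  const ids = [username, username.split('@')[0]]
    .flatMap((id) => [id.toLowerCase(), normalize(id)])
    .filter((id) => id.length >= 3);
  if (ids.some((id) => lower.includes(id) || norm.includes(id))) problems.push('based_on_username');

  return problems;
}

console.log(checkPassword('123456'));
```

The check belongs on the server side of the registration and password-change paths, since a client-only check can be bypassed by sending the request directly.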