Weak Password Requirements in notrinos/notrinoserp
Valid
Reported on Aug 18th 2022
Description
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
Proof of Concept
Steps to reproduce
1. Log in to the admin account.
2. From user account setup, create a new user.
3. Fill in the form with username `user3` and a single-character password `a`.
4. The account is created successfully without any password restriction.

Impact
An attacker could easily guess user passwords and gain access to user accounts.
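A server-side check that would reject the password from step 3 at account creation, given as an added example and not NotrinosERP's own code or fix. The function name, the thresholds and the small denylist are assumptions chosen for illustration.

```python
import unicodedata

# Assumed policy values; the report does not prescribe any.
MIN_LENGTH = 12
MAX_LENGTH = 128
MIN_DISTINCT = 5
# Constructed sample denylist; a deployment would load a large breached-password list.
COMMON_PASSWORDS = {"password1234", "administrator", "qwertyuiop123", "letmein123456"}


def password_problems(username: str, password: str) -> list[str]:
    """Return the reasons a new password is rejected; an empty list means accepted."""
    problems = []
    # Normalize so equivalent Unicode input is measured and compared consistently.
    pw = unicodedata.normalize("NFKC", password)
    folded = pw.casefold()

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if folded in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    # A password built around the account name is the first thing a guesser tries.
    user = username.casefold()
    if user and user in folded:
        problems.append("contains the username")
    # Catches long but trivial values such as one repeated character.
    if len(set(folded)) < MIN_DISTINCT:
        problems.append(f"fewer than {MIN_DISTINCT} distinct characters")
    return problems


if __name__ == "__main__":
    # Constructed inputs; the first pair is the one from the report.
    for user, pw in [("user3", "a"),
                     ("user3", "User3-Ledger-2022"),
                     ("user3", "correct horse battery staple")]:
        print(repr(pw), "->", password_problems(user, pw) or "accepted")
```

The check has to run in the request handler that creates or updates the account, since a form-only restriction can be bypassed by submitting the request directly.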
We are processing your report and will contact the notrinos/notrinoserp team within 24 hours.
9 months ago
We have contacted a member of the notrinos/notrinoserp team and are waiting to hear back
9 months ago
Thanks @0xcybery for detecting this, will fix it soon