Weak Password Policy in publify/publify
May 22nd 2022
I would like to let you know about the password management issue.
Proof of Concept
1- Go to your Profile or https://demo-publify.herokuapp.com
2- Give a password as simple as 12345678.
You will see that the password has been changed: there is no password strength enforcement.
This password can easily be cracked using a dictionary attack.
Enforce a password complexity policy.
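As an added example (not publify's own code, and not part of the original report), the following Ruby module shows the kind of server-side policy check that would reject a password such as 12345678 at profile update time. The minimum length, the small list of common passwords, and the rule names are assumptions chosen for illustration; a real deployment would load a much larger breached-password list.

```ruby
# Added example: a minimal password policy of the kind a Rails application
# such as publify could apply before saving a new password.
# Nothing here is publify's own code; the thresholds and the common-password
# list are constructed for illustration.
module PasswordPolicy
  MIN_LENGTH = 12 # assumption: chosen for the example

  # Constructed sample of widely used weak passwords (assumption: a real
  # deployment would check against a large breached-password corpus).
  COMMON_PASSWORDS = %w[
    12345678 password password1 qwerty123 letmein1 admin123 iloveyou1
  ].freeze

  # Returns an array of human-readable reasons the password is rejected.
  # An empty array means the password passes every rule.
  def self.violations(password, username: nil)
    pw = password.to_s
    reasons = []
    reasons << "must be at least #{MIN_LENGTH} characters" if pw.length < MIN_LENGTH
    reasons << "is a commonly used password" if COMMON_PASSWORDS.include?(pw.downcase)
    reasons << "must not be a single repeated character" if !pw.empty? && pw.chars.uniq.size == 1
    reasons << "must not be a simple sequence" if sequential?(pw)
    if username && !username.empty? && pw.downcase.include?(username.downcase)
      reasons << "must not contain the username"
    end
    reasons
  end

  # Convenience predicate for use in a model validation or controller guard.
  def self.acceptable?(password, username: nil)
    violations(password, username: username).empty?
  end

  # True when every adjacent pair of characters differs by exactly +1 or -1
  # in code point ("12345678", "abcdefgh", "87654321"), a pattern that
  # dictionary and rule-based crackers try first.
  def self.sequential?(pw)
    return false if pw.length < 4
    deltas = pw.codepoints.each_cons(2).map { |a, b| b - a }.uniq
    deltas == [1] || deltas == [-1]
  end
end

if __FILE__ == $PROGRAM_NAME
  ["12345678", "aaaaaaaaaaaaa", "correct horse battery staple 42"].each do |candidate|
    reasons = PasswordPolicy.violations(candidate)
    status = reasons.empty? ? "accepted" : "rejected (#{reasons.join('; ')})"
    puts "#{candidate.inspect}: #{status}"
  end
end
```

In a Rails model this would typically be wired in as a custom validation on the password attribute so that the profile form above returns an error instead of silently accepting the weak value.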
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Matijs van Zuijlen validated this vulnerability 2 months ago
Vishal Vishwakarma has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Matijs van Zuijlen marked this as fixed in 9.2.10 with commit 8905e4 2 months ago
This vulnerability has been assigned a CVE