Weak Password policy on account registration in answerdev/answer


Reported on

Apr 26th 2023


It was observed that application allows to create account with Blank spaces as password

Proof of Concept

1. Go to https://meta.answer.dev/users/register
2. Create account with 10 blank spaces as password

Application allows to create user account with blank spaces as password


The vulnerability may allow an attacker to guess users’ passwords and gain unauthorized access to the application.

We are processing your report and will contact the answerdev/answer team within 24 hours. 5 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 5 months ago
2 months ago


Hi Team, any updates on reported issue? appreciate your reply!

answerdev/answer maintainer validated this vulnerability 2 months ago

Thanks for the feedback!

Mohammed A. Siledar has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
answerdev/answer maintainer marked this as fixed in v1.1.0 with commit 7d23b1 2 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
answerdev/answer maintainer published this vulnerability 2 months ago
to join this conversation