Weak policy at Change password function in kromitgmbh/titra
Jun 13th 2022
We can register a normal account with a password of >= 8 characters. But we can change the password to just 1 character when we use the change password function.
Proof of Concept
When users change their password to one that is too simple, an attacker can easily guess the password and access the account.
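
The mismatch described above, next to a corrected change-password path, as an added example that is not titra's code. The in-memory store and all function names are hypothetical, and the only value taken from this page is the 8-character registration minimum.

```javascript
// Added example with a constructed in-memory account store; not titra's code.
const MIN_PASSWORD_LENGTH = 8; // registration minimum stated in the report

// One policy check, shared by every code path that sets a password.
function checkPasswordPolicy(password) {
  if (typeof password !== 'string') return 'password must be a string';
  // Count code points so characters outside the BMP are not counted twice.
  if ([...password].length < MIN_PASSWORD_LENGTH) {
    return `password must be at least ${MIN_PASSWORD_LENGTH} characters`;
  }
  return null;
}

// username -> { password }. Plain text only to keep the example short;
// a real store keeps a salted hash and compares in constant time.
const users = new Map();

function register(username, password) {
  const err = checkPasswordPolicy(password);
  if (err) return { ok: false, error: err };
  if (users.has(username)) return { ok: false, error: 'username taken' };
  users.set(username, { password });
  return { ok: true };
}

// Behaviour from the report: the change path never consults the policy.
function changePasswordWeak(username, oldPassword, newPassword) {
  const user = users.get(username);
  if (!user || user.password !== oldPassword) {
    return { ok: false, error: 'invalid credentials' };
  }
  user.password = newPassword;
  return { ok: true };
}

// Corrected: the same server-side check as registration runs before the update.
function changePasswordStrict(username, oldPassword, newPassword) {
  const user = users.get(username);
  if (!user || user.password !== oldPassword) {
    return { ok: false, error: 'invalid credentials' };
  }
  const err = checkPasswordPolicy(newPassword);
  if (err) return { ok: false, error: err };
  user.password = newPassword;
  return { ok: true };
}
```

The same check belongs on any other path that sets a password, such as a reset flow, and it has to run on the server because a client-side check can be bypassed.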