Weak policy at Change password function in bookwyrm-social/bookwyrm
Jul 11th 2022
BookWyrm uses weak password policy when allows user to change password with just 1 character through the change password function.
Steps to reproduce
1.Login then go to the Change password page (
2.Enter a character (for example:
1) in the new password field and the same in the confirm password field
3.You will see that the password has been changed successfully.
When users change password to a too simple password, attacker can easily guess user password and access account.
BookWyrm should apply more strict policy in changing password such as the password length must be more than or equal to 8, at least 1 special character, at least 1 number, at least one capital character,...