Weak Password Requirements in erudika/scoold
Jul 30th 2021
You should check and validate the password when users register; any user is able to use a weak password like aaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords.
This vulnerability can be used to take control of a user's account.
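
The two controls the report asks for, a password check at registration and a limit on failed logins, sketched as an added example; this is not Scoold's code. The thresholds and the names `password_problems` and `LoginThrottle` are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

MIN_LENGTH = 8        # assumed policy value, not taken from Scoold
MAX_FAILURES = 5      # assumed: failed logins tolerated per window
WINDOW_SECONDS = 300  # assumed: sliding window length in seconds

def password_problems(password):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(set(password)) < 4:
        problems.append("too few distinct characters")
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    if sum(classes) < 2:
        problems.append("only one character class")
    return problems

class LoginThrottle:
    """Sliding-window count of failed logins, keyed by account identifier."""
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures, self.window, self.clock = max_failures, window, clock
        self.failures = defaultdict(deque)  # key -> timestamps of failures

    def _prune(self, key):
        # Drop failures that have aged out of the window.
        cutoff = self.clock() - self.window
        q = self.failures[key]
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def is_blocked(self, key):
        # Call before verifying the password; refuse the attempt when True.
        return len(self._prune(key)) >= self.max_failures

    def record_failure(self, key):
        self._prune(key).append(self.clock())

    def record_success(self, key):
        self.failures.pop(key, None)

if __name__ == "__main__":
    print(password_problems("aaaaa"))  # constructed sample from the report
```

Keying the throttle on the account alone lets anyone lock a known user out for the window, so deployments usually combine it with a per-source limit.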