Weak Password Requirements in erudika/scoold


Reported on

Jul 30th 2021

✍️ Description

You should check and validate the password when users are registering. Any user is able to use a weak password like aaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of taking control of a user's account.
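The two controls the report asks for, a password check at registration and a limit on failed logins, shown as an added example that is not Scoold's code and not the fix in commit 3e081e. The class name, thresholds and denylist entries are assumptions.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not Scoold code. All thresholds below are assumed values.
public class LoginGuard {
    static final int MIN_LENGTH = 8, MIN_DISTINCT = 5;   // assumed password policy
    static final int MAX_FAILURES = 5;                    // assumed failures allowed per window
    static final long WINDOW_MS = 15 * 60 * 1000L;        // assumed sliding window
    static final Set<String> COMMON = Set.of("password", "12345678", "qwertyuiop"); // constructed sample

    // Timestamps of recent failed logins, keyed by account identifier.
    private final Map<String, Deque<Long>> failures = new ConcurrentHashMap<>();

    // Registration check: minimum length, character variety, and a denylist.
    static boolean isAcceptablePassword(String pw) {
        if (pw == null || pw.length() < MIN_LENGTH) return false;
        if (pw.chars().distinct().count() < MIN_DISTINCT) return false;
        return !COMMON.contains(pw.toLowerCase(Locale.ROOT));
    }

    // True while the account has fewer than MAX_FAILURES failures inside the window.
    boolean mayAttempt(String account, long nowMs) {
        Deque<Long> q = failures.get(account);
        if (q == null) return true;
        synchronized (q) {
            // Drop failures that have aged out of the window before counting.
            while (!q.isEmpty() && nowMs - q.peekFirst() > WINDOW_MS) q.pollFirst();
            return q.size() < MAX_FAILURES;
        }
    }

    // Call after a wrong password; call recordSuccess after a correct one.
    void recordFailure(String account, long nowMs) {
        Deque<Long> q = failures.computeIfAbsent(account, k -> new ArrayDeque<>());
        synchronized (q) { q.addLast(nowMs); }
    }

    void recordSuccess(String account) { failures.remove(account); }

    public static void main(String[] args) {
        System.out.println(isAcceptablePassword("aaaaa"));            // shorter than MIN_LENGTH
        System.out.println(isAcceptablePassword("aaaaaaaaaaaa"));     // long but one distinct character
        System.out.println(isAcceptablePassword("correct-horse-42")); // passes all three checks
        LoginGuard guard = new LoginGuard();
        for (int i = 0; i < MAX_FAILURES; i++) guard.recordFailure("alice@example.com", i);
        System.out.println(guard.mayAttempt("alice@example.com", 10));             // inside the window
        System.out.println(guard.mayAttempt("alice@example.com", WINDOW_MS + 10)); // window has elapsed
    }
}
```

Keying the counter on the account alone lets anyone lock a known user out by failing logins on purpose, so deployments often combine the account with the source address or add a delay instead of a hard block.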

We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago


Hi dear Alex Bogdanovski. I want to be sure that you see this one too.

Alex Bogdanovski validated this vulnerability 2 years ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski marked this as fixed with commit 3e081e 2 years ago
Alex Bogdanovski has been awarded the fix bounty
This vulnerability will not receive a CVE