We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

/

Weak Password Requirements in erudika/scoold

Valid

Reported on

Jul 30th 2021

✍️ Description

You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of take control of user's account

Occurrences

ScooldServer.java L1

We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago

commented 2 years ago

Researcher

Hi dear Alex Bogdanovski . I want to sure that you see this one too.

Alex Bogdanovski validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

Alex Bogdanovski marked this as fixed with commit 3e081e 2 years ago

Alex Bogdanovski has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago

commented 2 years ago

Researcher

Hi dear Alex Bogdanovski . I want to sure that you see this one too.

Alex Bogdanovski validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

Alex Bogdanovski marked this as fixed with commit 3e081e 2 years ago

Alex Bogdanovski has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation