Weak Password Requirements in erudika/scoold

Valid

Reported on

Jul 30th 2021


✍️ Description

You should check and validate the password when users are registering; any user is able to use a weak password like aaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of taking control of a user's account.

We have contacted a member of the erudika/scoold team and are waiting to hear back (2 months ago)
amammad
2 months ago

Researcher


Hi dear Alex Bogdanovski. I want to be sure that you see this one too.

Alex Bogdanovski validated this vulnerability 2 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski confirmed that a fix has been merged on 3e081e 2 months ago
Alex Bogdanovski has been awarded the fix bounty
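
The two controls the report asks for, a password check at registration and a limit on failed logins, shown as an added example that is not Scoold's code or the merged fix. The class name, the thresholds (8 characters, 5 failures per 15-minute window) and the small deny-list are assumptions chosen for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: names, limits and the deny-list are assumptions, not Scoold code.
public class LoginGuard {
    static final int MIN_LENGTH = 8, MAX_FAILURES = 5;
    static final Duration WINDOW = Duration.ofMinutes(15);
    static final Set<String> COMMON = Set.of("password", "12345678", "qwertyuiop"); // constructed sample

    private record Failures(int count, Instant first) {}
    private final Map<String, Failures> failures = new ConcurrentHashMap<>();

    // Registration check: reject short, low-variety ("aaaaaaaa") and deny-listed passwords.
    static boolean isAcceptable(String pw) {
        if (pw == null || pw.length() < MIN_LENGTH) return false;
        if (pw.chars().distinct().count() < 4) return false;
        return !COMMON.contains(pw.toLowerCase(java.util.Locale.ROOT));
    }

    // True while this account has used up its failed attempts in the current window.
    boolean isBlocked(String account, Instant now) {
        Failures f = failures.get(account);
        if (f == null) return false;
        if (now.isAfter(f.first().plus(WINDOW))) { failures.remove(account, f); return false; }
        return f.count() >= MAX_FAILURES;
    }

    // Count a wrong password; a failure after the window has expired starts a new window.
    void recordFailure(String account, Instant now) {
        failures.merge(account, new Failures(1, now), (old, fresh) ->
            now.isAfter(old.first().plus(WINDOW)) ? fresh : new Failures(old.count() + 1, old.first()));
    }
    void recordSuccess(String account) { failures.remove(account); }

    public static void main(String[] args) {
        System.out.println("aaaaa ok? " + isAcceptable("aaaaa") + ", passphrase ok? " + isAcceptable("correct horse battery"));
        LoginGuard guard = new LoginGuard();
        Instant t0 = Instant.parse("2021-07-30T12:00:00Z"); // constructed timestamp
        for (int i = 0; i < 6; i++) {
            Instant now = t0.plusSeconds(i);
            boolean blocked = guard.isBlocked("alice", now);
            if (!blocked) guard.recordFailure("alice", now); // simulated wrong password
            System.out.println("attempt " + i + (blocked ? ": throttled" : ": wrong password"));
        }
        System.out.println("blocked after window? " + guard.isBlocked("alice", t0.plus(WINDOW).plusSeconds(10)));
    }
}
```

The counter is kept in memory and keyed by account name, so a deployment with several application nodes would need a shared store for it to hold across nodes.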