Weak Password Recovery Mechanism for Forgotten Password in babybuddy/babybuddyValid
Sep 15th 2021
Weak password implementation
Proof of Concept
step 1: login into account step 2: goto settings http://demo.baby-buddy.net/user/password/ step 3: change password admin to 12 and save changes step 4: we can see updated message application is allowing to set weak password. poc of image in below link https://ibb.co/M9KqPWc
Weak passwords can be guessable or attacker can bruteforce if the length of the password is very small, so try to use random strings with special characters. Though that can be hard to remember as a security point of view it's quite secure. Strong password is also needed to be stored properly.