Weak Password Requirements in janeczku/calibre-web
Valid
Reported on Jun 1st 2022
Description
The application does not enforce any password policy, so trivially short passwords such as 123 are accepted, which makes brute-force attacks against user accounts feasible.
Steps to reproduce
1. Go to http://localhost:8083/login and log in with the default credentials admin/admin123
2. Go to http://localhost:8083/me and change the password to 123
- Notice that the password change succeeds
Impact
Account takeover
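As an added illustration (not code from calibre-web), the check a password-change handler should run before saving a new password, with the permissive behaviour from the report beside a minimal policy. The policy fields, the handler name and the deny-list values are constructed for this example:

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Minimum requirements for a new password (field names are hypothetical)."""
    min_length: int = 8
    require_lower: bool = True
    require_upper: bool = True
    require_digit: bool = True
    require_special: bool = True
    deny_list: frozenset = frozenset()


# Constructed deny-list: the installation default the report logs in with, plus a few
# values any brute-force wordlist tries first.
KNOWN_WEAK = frozenset({"admin123", "123", "123456", "password", "admin"})

# The behaviour reported above: any non-empty value is accepted, so "123" goes through.
WEAK_POLICY = PasswordPolicy(min_length=1, require_lower=False, require_upper=False,
                             require_digit=False, require_special=False)
# A minimal hardened policy: length, character classes and a deny-list.
STRICT_POLICY = PasswordPolicy(deny_list=KNOWN_WEAK)


def password_violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return every rule the candidate breaks; an empty list means it is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_lower and not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if policy.require_upper and not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if policy.require_digit and not re.search(r"[0-9]", password):
        problems.append("no digit")
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in policy.deny_list:
        problems.append("on the known-weak list")
    return problems


def change_password_allowed(new_password: str, policy: PasswordPolicy = STRICT_POLICY) -> bool:
    """Gate a /me password change on the policy instead of accepting any value."""
    return not password_violations(new_password, policy)


if __name__ == "__main__":
    for candidate in ("123", "admin123", "Correct-Horse-42!"):
        print(candidate, "| weak policy accepts:", change_password_allowed(candidate, WEAK_POLICY),
              "| strict policy:", password_violations(candidate, STRICT_POLICY) or "accepted")
```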
We are processing your report and will contact the janeczku/calibre-web team within 24 hours. (a year ago)
We have contacted a member of the janeczku/calibre-web team and are waiting to hear back. (a year ago)
We have sent a follow up to the janeczku/calibre-web team. We will try again in 7 days. (a year ago)
We have sent a second follow up to the janeczku/calibre-web team. We will try again in 10 days. (a year ago)
We have sent a third and final follow up to the janeczku/calibre-web team. This report is now considered stale. (a year ago)
The researcher's credibility has increased: +7
We have sent a fix follow up to the janeczku/calibre-web team. We will try again in 7 days. (a year ago)
We have sent a second fix follow up to the janeczku/calibre-web team. We will try again in 10 days. (a year ago)
We have sent a third and final fix follow up to the janeczku/calibre-web team. This report is now considered stale. (a year ago)
I have a fix in the developer branch, but I need some more time for testing before releasing it.