Weak Password Requirements in weseek/growi
Sep 8th 2021
You should check and validate the password when users registering, any user able to use a weak password like
aaaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords.
This vulnerability is capable of take control of user's account