Weak Password Requirements in weseek/growi

Valid

Reported on

Sep 8th 2021


✍️ Description

You should check and validate the password when users register. Any user is able to use a weak password like aaaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users who have weak passwords.

💥 Impact

This vulnerability is capable of taking control of a user's account.
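
The two controls the report says are missing, sketched as an added JavaScript example (not GROWI's code and not the merged fix): a registration-time password check and a per-account failed-login limiter. The thresholds and the names `checkPassword` and `LoginThrottle` are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from the GROWI code base.
const MIN_LENGTH = 8;               // assumed policy value
const MAX_FAILURES = 5;             // assumed: failures allowed per window
const WINDOW_MS = 15 * 60 * 1000;   // assumed: 15-minute sliding window

// Returns a list of policy violations; an empty list means the password is accepted.
function checkPassword(password, username = '') {
  const problems = [];
  if (password.length < MIN_LENGTH) problems.push('too short');
  // Catches repeated-character passwords such as "aaaaaa" even when they are long.
  if (new Set(password).size < 4) problems.push('too few distinct characters');
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  if (classes < 2) problems.push('needs at least two character classes');
  if (username && password.toLowerCase().includes(username.toLowerCase())) {
    problems.push('contains username');
  }
  return problems;
}

// Tracks failed logins per key (for example the account name, or account plus client IP).
class LoginThrottle {
  constructor(maxFailures = MAX_FAILURES, windowMs = WINDOW_MS) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.failures = new Map(); // key -> array of failure timestamps in ms
  }
  // Drops timestamps that fell out of the window and returns the remaining ones.
  recent(key, now) {
    const kept = (this.failures.get(key) || []).filter((t) => now - t < this.windowMs);
    if (kept.length) this.failures.set(key, kept); else this.failures.delete(key);
    return kept;
  }
  // Call before verifying the password; reject the attempt when this returns true.
  isBlocked(key, now = Date.now()) {
    return this.recent(key, now).length >= this.maxFailures;
  }
  recordFailure(key, now = Date.now()) {
    const kept = this.recent(key, now);
    kept.push(now);
    this.failures.set(key, kept);
  }
  // A successful login clears the counter for that key.
  recordSuccess(key) {
    this.failures.delete(key);
  }
}
```

The in-memory `Map` only covers a single process; a deployment with several application instances needs a shared store for the counters.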

Z-Old
9 months ago

Admin


Hey amammad, I've emailed the maintainers for you.

amammad modified the report
9 months ago
We have contacted a member of the weseek/growi team and are waiting to hear back 9 months ago
weseek/growi maintainer validated this vulnerability 9 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
weseek/growi maintainer confirmed that a fix has been merged on b584e2 3 months ago
The fix bounty has been dropped
asami-n
3 months ago

@admin Hello. Fixed. Please tell me the CVE.

Jamie Slome
3 months ago

Admin


👆 CVE is: CVE-2022-1236
