Weak Password Requirements in weseek/growi


Reported on

Sep 8th 2021

✍️ Description

You should check and validate the password when users registering, any user able to use a weak password like aaaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of take control of user's account

2 years ago


Hey ammammad, I've emailed the maintainers for you.

amammad modified the report
2 years ago
We have contacted a member of the weseek/growi team and are waiting to hear back 2 years ago
weseek/growi maintainer validated this vulnerability 2 years ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
weseek/growi maintainer marked this as fixed in v5.0.0 with commit b584e2 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
2 years ago


@admin Hello. FIXed. Please tell me CVE.

Jamie Slome
2 years ago


👆 CVE is: CVE-2022-1236

to join this conversation