Weak Password Requirements in weseek/growi

Valid

Reported on

Sep 8th 2021


✍️ Description

You should check and validate the password when users registering, any user able to use a weak password like aaaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of take control of user's account

Z-Old
a year ago

Admin


Hey ammammad, I've emailed the maintainers for you.

amammad modified the report
a year ago
We have contacted a member of the weseek/growi team and are waiting to hear back a year ago
weseek/growi maintainer validated this vulnerability a year ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
weseek/growi maintainer marked this as fixed in v5.0.0 with commit b584e2 8 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
asami-n
8 months ago

Maintainer


@admin Hello. FIXed. Please tell me CVE.

Jamie Slome
8 months ago

Admin


👆 CVE is: CVE-2022-1236

to join this conversation