Weak Password Requirements in weseek/growi

Valid

Reported on

Sep 8th 2021

✍️ Description

You should check and validate the password when users registering, any user able to use a weak password like aaaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of take control of user's account

commented 2 years ago

Admin

Hey ammammad, I've emailed the maintainers for you.

amammad modified the report

2 years ago

We have contacted a member of the weseek/growi team and are waiting to hear back 2 years ago

A weseek/growi maintainer validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

A weseek/growi maintainer marked this as fixed in v5.0.0 with commit b584e2 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

commented 2 years ago

Maintainer

@admin Hello. FIXed. Please tell me CVE.

commented 2 years ago

Admin

👆 CVE is: CVE-2022-1236

to join this conversation

commented 2 years ago

Admin

Hey ammammad, I've emailed the maintainers for you.

amammad modified the report

2 years ago

We have contacted a member of the weseek/growi team and are waiting to hear back 2 years ago

A weseek/growi maintainer validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

A weseek/growi maintainer marked this as fixed in v5.0.0 with commit b584e2 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

commented 2 years ago

Maintainer

@admin Hello. FIXed. Please tell me CVE.

commented 2 years ago

Admin

👆 CVE is: CVE-2022-1236

to join this conversation