Weak Password Requirements in weseek/growi


Reported on

Sep 8th 2021

✍️ Description

You should check and validate the password when users are registering. Any user is able to use a weak password like aaaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords.

💥 Impact

This vulnerability is capable of taking control of a user's account.
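The two controls the report asks for, a registration-time password check and a limit on failed logins, can be sketched as follows. This is an added example, not code from the report or from GROWI's fix; the thresholds, the deny list and the names `passwordProblems` and `LoginThrottle` are assumptions chosen for illustration.

```javascript
// Added example: thresholds and names are assumptions, not GROWI's code.
const MIN_LENGTH = 8;
const MIN_DISTINCT = 4;
const DENYLIST = new Set(['password', '12345678', 'qwertyui']); // constructed sample

// Returns the reasons a password is rejected (empty array = accepted).
function passwordProblems(password, username) {
  const problems = [];
  const lower = password.toLowerCase();
  if (password.length < MIN_LENGTH) problems.push('too-short');
  // Catches repeated-character passwords such as "aaaaaa" or "abababab".
  if (new Set(lower).size < MIN_DISTINCT) problems.push('too-few-distinct-chars');
  if (DENYLIST.has(lower)) problems.push('common-password');
  if (username && lower.includes(username.toLowerCase())) problems.push('contains-username');
  return problems;
}

// Counts failed logins per key (for example the username) inside a sliding
// window and locks the key for lockMs once maxFailures is reached.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60e3, lockMs = 15 * 60e3 } = {}) {
    Object.assign(this, { maxFailures, windowMs, lockMs });
    this.state = new Map(); // key -> { failures: [timestamps], lockedUntil }
  }
  isLocked(key, now = Date.now()) {
    const s = this.state.get(key);
    return Boolean(s && s.lockedUntil > now);
  }
  // Call on every wrong password; returns true when the key is now locked.
  recordFailure(key, now = Date.now()) {
    const s = this.state.get(key) || { failures: [], lockedUntil: 0 };
    s.failures = s.failures.filter((t) => now - t < this.windowMs);
    s.failures.push(now);
    if (s.failures.length >= this.maxFailures) {
      s.lockedUntil = now + this.lockMs;
      s.failures = [];
    }
    this.state.set(key, s);
    return this.isLocked(key, now);
  }
  // Call on a successful login to clear the counter.
  recordSuccess(key) {
    this.state.delete(key);
  }
}
```

Keying the throttle on the username alone lets anyone lock a known account out, so deployments often key on username plus source address or delay responses instead of hard-locking.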

a year ago


Hey amammad, I've emailed the maintainers for you.

amammad modified the report
a year ago
We have contacted a member of the weseek/growi team and are waiting to hear back (a year ago)
weseek/growi maintainer validated this vulnerability (10 months ago)
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
weseek/growi maintainer confirmed that a fix has been merged on b584e2 (4 months ago)
The fix bounty has been dropped
4 months ago

@admin Hello. FIXed. Please tell me CVE.

Jamie Slome
4 months ago


👆 CVE is: CVE-2022-1236
