Weak Password Implimentation in apache/inlong
Apr 2nd 2023
We can change the password with just 1 character when we use change password function.
Proof of Concept
When you change password, just press any character and then submit. You will see "Your password has been changed".
When users change password to a simple password (with any character or symbol), attacker can easily guess user password and access account.
ASF Security Team validated this vulnerability 3 days ago
lujiefsi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
ASF Security Team marked this as fixed in 1.7.0 with commit 27eba1 3 days ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
ASF Security Team ASF
commented 3 days ago
This has been disclosed as CVE-2023-31098
to join this conversation