Weak Password Requirements in cortezaproject/corteza-server
Jul 18th 2021
Passwords shorter than 8 characters are considered to be weak (NIST SP800-63B). Maximum password length should not be set too low, as it will prevent users from creating passphrases. ... It is important to set a maximum password length to prevent long password Denial of Service attacks.
STEPS FOR REPRODUCTION: 1)Go to https://latest.cortezaproject.org/auth/login 2)Create an account 3)Enter the username,email address and password as 'admin' and your account will be created
Improper secure design principles.