Weak Password Requirements in cortezaproject/corteza-server
Jul 18th 2021
Passwords shorter than 8 characters are considered weak (NIST SP800-63B). The maximum password length should not be set too low, as that prevents users from creating passphrases. ... It is still important to set a maximum password length, to prevent long-password denial-of-service attacks against the password hashing function.
STEPS FOR REPRODUCTION:
1) Go to https://latest.cortezaproject.org/auth/login
2) Create an account
3) Enter 'admin' as the username, email address and password; the account will be created
Improper secure design principles.
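A registration-time check that would have rejected the 'admin' password above, written as an added example in Go (the language corteza-server is written in); it is not corteza's own code. The 64-character ceiling, the error values and the short denylist are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// NIST SP 800-63B: at least 8 characters for user-chosen passwords. The
// 64-character ceiling is an assumption (not corteza's setting), high enough
// for passphrases but bounding hashing cost against long-password DoS.
const (
	MinPasswordLen = 8
	MaxPasswordLen = 64
)

// Constructed stand-in for a breached/common-password denylist.
var commonPasswords = map[string]bool{"admin": true, "password": true, "12345678": true}

var (
	ErrTooShort = errors.New("password shorter than 8 characters")
	ErrTooLong  = errors.New("password longer than 64 characters")
	ErrCommon   = errors.New("password is on the common-password list")
	ErrIdentity = errors.New("password matches the username or email")
)

// ValidatePassword enforces length bounds, a denylist check, and no reuse of
// the account's own username or email (the report registered 'admin' for all three).
func ValidatePassword(password, username, email string) error {
	n := len([]rune(password)) // count characters, not UTF-8 bytes
	if n < MinPasswordLen {
		return ErrTooShort
	}
	if n > MaxPasswordLen {
		return ErrTooLong
	}
	if commonPasswords[strings.ToLower(password)] {
		return ErrCommon
	}
	if strings.EqualFold(password, username) || strings.EqualFold(password, email) {
		return ErrIdentity
	}
	return nil
}

func main() {
	for _, pw := range []string{"admin", "correct horse battery staple", strings.Repeat("a", 65)} {
		fmt.Printf("%q -> %v\n", pw, ValidatePassword(pw, "admin", "admin"))
	}
}
```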
We have contacted a member of the cortezaproject/corteza-server team and are waiting to hear back 2 years ago
commented 2 years ago
Thank you for reporting; I'll get one of our guys to resolve this
Tomaž Jerman validated this vulnerability 2 years ago
sudheendra17 has been awarded the disclosure bounty
The fix bounty is now up for grabs