Weak Password Requirement in thorsten/phpmyfaq


Reported on

Oct 20th 2022


We can change the password with just 1 character when we use the change password function.

Proof of Concept

When you change the password, just press a character and then submit. Your password has been changed.


When users change their password to a too simple password, an attacker can easily guess the user's password and access the account.
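
A server-side check of the kind a change-password handler needs in order to reject the one-character password described above. This is an added example, not code from the report, from phpMyFAQ, or from the fix commit; the function name, the 8-character minimum and the deny list are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical policy value; the report does not state what the fix enforces.
const MIN_PASSWORD_LENGTH = 8;

/**
 * Hypothetical server-side check for a change-password handler.
 * Returns a list of policy violations; an empty list means the password is acceptable.
 * The check must run on the server: a client-side form rule alone can be bypassed.
 */
function validateNewPassword(string $new, string $confirm, string $login, array $denyList): array
{
    $errors = [];
    // Count characters, not bytes, so multi-byte input is measured correctly.
    $length = mb_strlen($new, 'UTF-8');

    if (!hash_equals($new, $confirm)) {
        $errors[] = 'Password and confirmation do not match.';
    }
    if ($length < MIN_PASSWORD_LENGTH) {
        $errors[] = sprintf('Password has %d character(s); minimum is %d.', $length, MIN_PASSWORD_LENGTH);
    }
    // A password built around the login name is as guessable as a short one.
    if ($login !== '' && mb_stripos($new, $login, 0, 'UTF-8') !== false) {
        $errors[] = 'Password must not contain the login name.';
    }
    // Long enough but widely used passwords still fall to a guessing attack.
    if (in_array(mb_strtolower($new, 'UTF-8'), $denyList, true)) {
        $errors[] = 'Password is on the list of commonly used passwords.';
    }
    return $errors;
}

// Constructed sample input: a tiny deny list and four candidate passwords.
$denyList = ['password', '12345678', 'qwertyuiop'];
$samples  = ['a', '12345678', 'admin-2022', 'correct horse battery staple'];

foreach ($samples as $candidate) {
    $errors = validateNewPassword($candidate, $candidate, 'admin', $denyList);
    if ($errors === []) {
        echo "accepted: '{$candidate}'\n";
    } else {
        echo "rejected: '{$candidate}' (" . implode(' ', $errors) . ")\n";
    }
}
```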

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
Hoang Van Hiep modified the report
a year ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back a year ago
Thorsten Rinne validated this vulnerability a year ago
sk4rl1ght has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne gave praise a year ago
Here's the fix: https://github.com/thorsten/phpMyFAQ/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Hoang Van Hiep
a year ago


Can you assign a CVE?

We have sent a fix follow up to the thorsten/phpmyfaq team. We will try again in 7 days. a year ago
Thorsten Rinne
a year ago


@t1g3r0x never did that

Thorsten Rinne marked this as fixed in 3.1.8 with commit d7a87d a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has now been published a year ago