Weak Password Requirement in thorsten/phpmyfaq
Valid
Reported on
Oct 20th 2022
Description
We can change password with just 1 character when we use change password function.
Proof of Concept
When you change password, just press an charactor and then submit. Your password has been changed.
Impact
When users change password to a too simple password, attacker can easily guess user password and access account.
We are processing your report and will contact the
thorsten/phpmyfaq
team within 24 hours.
3 months ago
Hoang Van Hiep modified the report
3 months ago
We have contacted a member of the
thorsten/phpmyfaq
team and are waiting to hear back
3 months ago
The researcher's credibility has increased: +7
Here's the fix: https://github.com/thorsten/phpMyFAQ/commit/d7a87d2646287828c70401ca8976ef531fbc77ea
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
We have sent a
fix follow up to the
thorsten/phpmyfaq
team.
We will try again in 7 days.
3 months ago
to join this conversation