Weak password at demo website version 3.1.9 in thorsten/phpmyfaq
Valid
Reported on
Dec 23rd 2022
Description
The demo website is now on version 3.1.9 but is still affected by a weak password requirement.
Proof of Concept
#1. Log in to the demo website as any user.
#2. Use the "Change password" function and set the new password to the number 1.
#3. The change succeeds; log in again to confirm it.
Impact
An attacker is able to guess users' passwords, or to brute-force them.
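The proof of concept works because the change-password step accepts a one-character password. The block below is an added example of a server-side check that would reject it; it is not phpMyFAQ code and not the project's fix. The function name `checkNewPassword`, the 12-character minimum, the distinct-character threshold and the deny list are assumptions, and it needs PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Hypothetical policy values for this example; not taken from phpMyFAQ.
const MIN_PASSWORD_LENGTH = 12;
const MIN_DISTINCT_CHARS = 5;

/**
 * Returns a list of policy violations; an empty list means the password is acceptable.
 * Call this on the server before hashing and storing a new password.
 *
 * @param string[] $denyList known-weak passwords
 * @return string[]
 */
function checkNewPassword(string $newPassword, string $username, array $denyList): array
{
    $errors = [];
    // Count characters, not bytes, so multi-byte passwords are measured correctly.
    $length = mb_strlen($newPassword, 'UTF-8');
    if ($length < MIN_PASSWORD_LENGTH) {
        $errors[] = sprintf('Password must be at least %d characters.', MIN_PASSWORD_LENGTH);
    }
    // A long run of one character ("111111111111") is as guessable as "1".
    $distinct = count(array_unique(mb_str_split($newPassword, 1, 'UTF-8')));
    if ($distinct < MIN_DISTINCT_CHARS) {
        $errors[] = 'Password uses too few distinct characters.';
    }
    $lower = mb_strtolower($newPassword, 'UTF-8');
    if ($username !== '' && str_contains($lower, mb_strtolower($username, 'UTF-8'))) {
        $errors[] = 'Password must not contain the username.';
    }
    if (in_array($lower, array_map('mb_strtolower', $denyList), true)) {
        $errors[] = 'Password is on the list of commonly used passwords.';
    }
    return $errors;
}

// Constructed sample input, not taken from the demo website.
$denyList = ['password1234', 'qwertyuiop12', 'letmein12345'];
$candidates = ['1', '111111111111', 'demo-user-2022!', 'correct horse battery staple'];
foreach ($candidates as $candidate) {
    $errors = checkNewPassword($candidate, 'demo-user', $denyList);
    echo json_encode($candidate), ' => ', $errors ? implode(' ', $errors) : 'accepted', PHP_EOL;
}
```

A policy check like this limits guessing only when paired with login rate limiting or lockout, since the report's impact also covers brute force.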
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
The researcher's credibility has increased: +7
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jan 31st 2023
