Bypass change password policy in tsolucio/corebos

Valid

Reported on

Apr 24th 2023


Description

I tested your demo site and discovered a vulnerability that could bypass password length and password complexity validation in your account's password change function.

Proof of Concept

link video PoC

https://drive.google.com/file/d/1r2TAeFdLA_eEREUccDoE86Yacavv79VR/view?usp=sharing

Impact

  1. Potential information security risks

  2. Potential system security risks

  3. Impact on reputation

  4. Consumes time and resources

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 10 months ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back 10 months ago
H4ck3r Kh0ỏng
10 months ago

Researcher


Hello, is there any new update?

H4ck3r Kh0ỏng modified the report
10 months ago
Joe Bordes validated this vulnerability 9 months ago
chucsse has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes marked this as fixed in 8 with commit e3dabd 9 months ago
Joe Bordes has been awarded the fix bounty
This vulnerability has now been published 9 months ago
to join this conversation