Weak Password Requirements in notrinos/notrinoserp
Aug 18th 2022
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
Proof of Concept
Steps to reproduce
1. Log in to the admin account.
2. From user account setup, create a new user.
3. Fill in the form with username `user3` and a single-character password `a`.
4. The account is created successfully without any password restriction.
An attacker could easily guess user passwords and gain access to user accounts.
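A server-side check of the kind that would reject the account created in the steps above, shown as an added example that is not NotrinosERP code. The function name, the minimum length of 8 and the short deny list are assumptions made for illustration.

```php
<?php
// Added example, not NotrinosERP code: a password policy check to run on the
// server before a new user record is saved. All names and values are assumed.

const MIN_PASSWORD_LENGTH = 8; // assumed policy value

/**
 * Return the list of policy violations; an empty list means acceptable.
 */
function password_policy_errors(string $username, string $password): array
{
    // Constructed sample deny list; a deployment would load a larger one.
    $denied = ['password', '12345678', 'qwertyui', 'letmein1', 'admin123'];

    $errors = [];
    // Count characters, not bytes, when the mbstring extension is present.
    $length = function_exists('mb_strlen')
        ? mb_strlen($password, 'UTF-8')
        : strlen($password);

    if ($length < MIN_PASSWORD_LENGTH) {
        $errors[] = 'Password must be at least ' . MIN_PASSWORD_LENGTH . ' characters long.';
    }
    if ($username !== '' && stripos($password, $username) !== false) {
        $errors[] = 'Password must not contain the username.';
    }
    if (in_array(strtolower($password), $denied, true)) {
        $errors[] = 'Password is on the list of commonly used passwords.';
    }
    // Reject one character repeated, such as "aaaaaaaa".
    if ($length > 0 && count(array_unique(str_split($password))) === 1) {
        $errors[] = 'Password must not be a single repeated character.';
    }
    return $errors;
}

// Constructed inputs; the first pair is the one from the steps above.
$samples = [
    ['user3', 'a'],
    ['user3', 'user3-2022'],
    ['user3', 'password'],
    ['user3', 'correct horse battery'],
];
foreach ($samples as [$user, $pass]) {
    $errors = password_policy_errors($user, $pass);
    echo $user, ' / ', $pass, ': ', $errors ? implode(' ', $errors) : 'accepted', PHP_EOL;
}
```

The check belongs in the request handler that creates or updates the user, so that it cannot be bypassed by submitting the form directly.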