Crucible: Weak Password Policy


    • Type: Public Security Vulnerability
    • Resolution: Fixed
    • Priority: Low
    • 4.8.15
    • Affects Version/s: 4.8.14
    • Component/s: None
    • 2.4
    • Low
    • Penetration Testing
    • Security Misconfiguration

      The application password policy does not enforce strong password requirements. Users could choose short or common passwords that can be discovered by executing a brute force attack.

      New password requirements:

      • Passwords must meet at least 3 out of the following 4 complexity rules.
        • At least 1 lowercase character (a-z)
        • At least 1 digit (0-9)
        • At least 1 special character (punctuation)
        • At least 1 uppercase character (A-Z)
      • At least 10 characters
      • At most 128 characters

              Assignee:
              Unassigned
              Reporter:
              Oleh Shchur (Inactive)