- Status Closed
-
Assigned To
cbay - Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 25.05.2025
Last edited by cbay - 26.05.2025
Opened by waloodi_109 - 25.05.2025
Last edited by cbay - 26.05.2025
FS#174 - Weak password policy in Webmail.alwaysdata.com
# Weak password policy in Webmail.alwaysdata.com
Hello Team, I hope you are doing well. While, Researching in your domain I found Weak password policy in Webmail.alwaysdata.com.
I get to know that you are using strong password policy.
I gone through application and checked for that.
and get to know that as per ISO9001 security compliance weak password policy.
#Steps to Reproduce:
1. Login into https://admin.alwaysdata.com/login/.
2. Go to https://admin.alwaysdata.com/mailbox/ and Change Password to ๐จโ๐ฉโ๐งโ๐ฆ.
3. Password will be Changed to ๐จโ๐ฉโ๐งโ๐ฆ.
Impact:
Use Strong Password Policy and remove these Unicode Character's.
Thank You,
Waleed Anwar
Loading...
Available keyboard shortcuts
- Alt + โง Shift + l Login Dialog / Logout
- Alt + โง Shift + a Add new task
- Alt + โง Shift + m My searches
- Alt + โง Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + โง Shift + e โต Enter Edit this task
- Alt + โง Shift + w watch task
- Alt + โง Shift + y Close Task
Task Editing
- Alt + โง Shift + s save task
Hello,
"๐จโ๐ฉโ๐งโ๐ฆ" is not a weak password. On both PasswordMonster and Bitwarden it's considered as strong.
Kind regards,
Cyril
try hello@123 it should be successful
We use zxcvbn to determine whether the password is secure enough. It considers that "hello@123" is average.
ok sir thank you