Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 25.05.2025
Last edited by cbay - 26.05.2025

FS#174 - Weak password policy in Webmail.alwaysdata.com

# Weak password policy in Webmail.alwaysdata.com

Hello Team, I hope you are doing well. While researching your domain, I found a weak password policy in Webmail.alwaysdata.com.

I got to know that you are using a strong password policy.
I went through the application and checked for that,
and got to know that, as per ISO9001 security compliance, the password policy is weak.

#Steps to Reproduce:

1. Log in to https://admin.alwaysdata.com/login/.
2. Go to https://admin.alwaysdata.com/mailbox/ and Change Password to 👨‍👩‍👧‍👦.
3. Password will be Changed to 👨‍👩‍👧‍👦.

Impact:

Use a strong password policy and remove these Unicode characters.

Thank You,

Waleed Anwar

Closed by  cbay
26.05.2025 08:25
Reason for closing:  Invalid
26.05.2025: A request to reopen the task has been made. Reason for request: try hello@123 it should be successful
Admin
cbay commented on 26.05.2025 08:24

Hello,

"👨‍👩‍👧‍👦" is not a weak password. On both PasswordMonster and Bitwarden it's considered as strong.

Kind regards,
Cyril

try hello@123 it should be successful

Admin
cbay commented on 26.05.2025 08:59

We use zxcvbn to determine whether the password is secure enough. It considers that "hello@123" is average.

ok sir thank you
