Vulnerability Details
Severity:
Medium
Category:
auth
Description
The application allows users to set weak passwords that do not meet security best practices, making accounts susceptible to brute force and credential stuffing attacks.
Risks
Weak passwords can be easily guessed or cracked, leading to unauthorized account access, data breaches, and potential privilege escalation.
Remediation
Enforce minimum password length of 12+ characters. Require a mix of uppercase, lowercase, numbers, and special characters. Implement password breach checking against known compromised passwords. Consider implementing passwordless authentication.
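One way to implement the first three remediation items, as an added example that is not the application's own code: the breached-password set is constructed inline, and the range lookup is a local stand-in for a k-anonymity query (only the 5-character hash prefix would leave the host), so the block runs offline.

```python
"""Password policy check: length, character mix, and breach lookup.

Added example, not the application's code. The breach data below is a
constructed sample standing in for a real compromised-password corpus.
"""
import hashlib
import re

MIN_LENGTH = 12

# Constructed sample of breached passwords, stored only as SHA-1 hex
# digests keyed by their 5-character prefix (k-anonymity range format).
_BREACHED = {}
for _pw in ("password1234", "Summer2023!!", "Welcome123!!"):
    _h = hashlib.sha1(_pw.encode()).hexdigest().upper()
    _BREACHED.setdefault(_h[:5], set()).add(_h[5:])


def breached_suffixes(prefix):
    """Stand-in for a range query: all suffixes sharing the 5-char prefix."""
    return _BREACHED.get(prefix.upper(), set())


def is_breached(password):
    """Hash locally; only the prefix is sent to the (simulated) range lookup."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breached_suffixes(digest[:5])


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "uppercase": r"[A-Z]", "lowercase": r"[a-z]",
        "digit": r"[0-9]", "special": r"[^A-Za-z0-9]",
    }
    missing = [n for n, rx in classes.items() if not re.search(rx, password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if is_breached(password):
        problems.append("appears in known breach data")
    return problems
```

A password that satisfies the length and character-mix rules is still rejected if it appears in the breach set, which is the case the composition rules alone cannot catch.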