| Title | PHPGurukul Online Notes Sharing System 1.0 Broken Authentication |
|---|
| Description | Bug Description:
A security vulnerability in the Online Notes Sharing System 1.0 exposes users to potential risks by allowing registration with default weak passwords. The issue arises due to the absence of proper password strength enforcement during user registration, enabling individuals to set weak and easily guessable passwords.
Steps to Reproduce:
# Exploit Title: Default Weak Password Enabled in Online Notes Sharing System
# Date: 20-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-notes-sharing-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To exploit the vulnerability:
1- Navigate to the "signup.php" page of the application.
2- Register a new account by providing any valid information.
3- Set a weak and easily guessable password, such as "1" during the registration process.
4- Complete the registration process, and the system accepts the weak password without enforcing adequate password strength.
5- Log in to the application using the registered account with the weak password.
Impact:
This vulnerability allows users to register with default weak passwords, making it easier for malicious actors to perform brute-force attacks, compromise user accounts, and potentially gain unauthorized access to sensitive information within the application.
Remediation:
Implement password complexity requirements, including a minimum length, a mix of uppercase and lowercase letters, numbers, and special characters. |
|---|
| Source | https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md |
|---|
| User | dhabaleshwar (UID 58737) |
|---|
| Submission | 2023-12-20 17:34 (2 years ago) |
|---|
| Moderation | 2023-12-21 17:09 (24 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 248740 [PHPGurukul Online Notes Sharing System 1.0 /user/signup.php weak authentication] |
|---|
| Points | 20 |
|---|
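
A server-side check implementing the remediation described above, as an added example that is not part of the submission or of the PHPGurukul code base. The function name `password_policy_errors` and the 12-character minimum are assumptions; the advisory names the character classes but gives no length.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the application): returns the list of
// policy requirements the password fails; an empty array means accepted.
// The default minimum of 12 is an assumed value, not taken from the advisory.
function password_policy_errors(string $password, int $minLength = 12): array
{
    $errors = [];

    // Count characters rather than bytes so multibyte input is measured
    // correctly. preg_match_all() returns false on invalid UTF-8, which
    // is treated as a failure.
    $length = preg_match_all('/./us', $password);
    if ($length === false || $length < $minLength) {
        $errors[] = "at least {$minLength} characters";
    }

    // Character classes named in the remediation text.
    $classes = [
        'an uppercase letter' => '/\p{Lu}/u',
        'a lowercase letter'  => '/\p{Ll}/u',
        'a digit'             => '/\p{Nd}/u',
        'a special character' => '/[^\p{L}\p{N}\s]/u',
    ];
    foreach ($classes as $label => $pattern) {
        if (preg_match($pattern, $password) !== 1) {
            $errors[] = $label;
        }
    }
    return $errors;
}

// Constructed sample inputs; "1" is the password used in the reproduction steps.
foreach (['1', 'password', 'Tr1cky-Horse-Staple!'] as $candidate) {
    $errors = password_policy_errors($candidate);
    if ($errors === []) {
        printf("%-22s accepted\n", $candidate);
    } else {
        printf("%-22s rejected, missing: %s\n", $candidate, implode(', ', $errors));
    }
}
```

The check has to run in the signup handler on the server before the account is created; a rule enforced only in the browser form can be bypassed by posting directly to the endpoint.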