
The web app does not verify weak password at backend in cloudexplorer-dev/cloudexplorer-lite

Moderate
baixin513 published GHSA-px4m-5j22-5mw4 Jun 27, 2023

Package

maven com.fit2cloud (Maven)

Affected versions

versions: < 1.2.0

Patched versions

1.2.0

Description

Impact

Weak passwords can be easily guessed and are an easy target for brute force attacks.
This can lead to an authentication system failure and compromise system security.

Access and login to the demo website: https://cloudexplorer-lite-demo.fit2cloud.com/
In the change-password function, the backend does not verify password strength, so a user can:

  1. Set the new password to the same value as the old password.
  2. Set a new password consisting of a single character, such as `1`. This case bypasses the frontend check, since the check is not repeated on the backend.
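
A server-side check that closes both cases above, as an added example that is not CloudExplorer-Lite's own code; the class name, the minimum length and the character-class rule are assumptions chosen for illustration, and the old password is assumed to have already been verified against the stored hash by the caller:

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Hypothetical backend password-change policy (not the project's code). */
public final class PasswordChangePolicy {
    private static final int MIN_LENGTH = 8; // assumed policy value
    private static final Pattern UPPER = Pattern.compile("[A-Z]");
    private static final Pattern LOWER = Pattern.compile("[a-z]");
    private static final Pattern DIGIT = Pattern.compile("[0-9]");
    private static final Pattern SPECIAL = Pattern.compile("[^A-Za-z0-9]");

    /** Returns every policy violation; an empty list means the change may proceed. */
    public static List<String> validate(String oldPassword, String newPassword) {
        List<String> errors = new ArrayList<>();
        if (newPassword == null || newPassword.isEmpty()) {
            errors.add("new password must not be empty");
            return errors;
        }
        // Case 1 from the advisory: the new password equals the current one.
        // Both values are submitted in the same request, so a direct comparison is enough here.
        if (newPassword.equals(oldPassword)) {
            errors.add("new password must differ from the current password");
        }
        // Case 2: a one-character password that only the frontend would have rejected.
        if (newPassword.length() < MIN_LENGTH) {
            errors.add("new password must be at least " + MIN_LENGTH + " characters");
        }
        int classes = 0;
        for (Pattern p : new Pattern[] {UPPER, LOWER, DIGIT, SPECIAL}) {
            if (p.matcher(newPassword).find()) {
                classes++;
            }
        }
        if (classes < 3) {
            errors.add("new password must contain at least three of: upper, lower, digit, special");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample inputs mirroring the two bypasses described in the advisory.
        System.out.println(validate("Old-Pass-123", "Old-Pass-123")); // reuse rejected
        System.out.println(validate("Old-Pass-123", "1"));            // single character rejected
        System.out.println(validate("Old-Pass-123", "Tr0ub4dor&3x"));  // [] -> accepted
    }
}
```

The point of the example is that the same rules the frontend applies must be re-evaluated in the request handler, because the client-side check can be skipped entirely.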

Affected versions: <= 1.2.0.

Patches

The vulnerability has been fixed in v1.2.0.

Workarounds

It is recommended to upgrade the version to v1.2.0.

References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
Email us at xin.bai@fit2cloud.com

Severity

Moderate

CVE ID

CVE-2023-34240

Weaknesses