Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No length on password #78

Closed
AkankshaGawade opened this issue May 29, 2023 · 1 comment
Closed

No length on password #78

AkankshaGawade opened this issue May 29, 2023 · 1 comment
Assignees
@AkankshaGawade
Labels
gssoc23 level2

Comments

@AkankshaGawade
Copy link

Hey when I try to set the password while creating account I noticed that you haven't kept any password limit.
You need to decrease password length :There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for Denial Of Service attack.
Normally all sites have a password minimum to maximum length like 72 characters limit or 48 limit to prevent Denial Of Service attack. in my sql but in weblate registration page there are no limitation. Let me know if you need any more details.
This is typically not DoS, but a vulnerability which may lead to DoS attack.
Please assign me this issue under GSSoC'23!
@sagnik-p
Copy link

This issue has been inactive for a long time
I would like to work on this issue
Please assign

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AkankshaGawade AkankshaGawade

Labels
gssoc23 level2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Gaurav-Verma07 @AkankshaGawade @sagnik-p