CVE-2022-47699

Vendor: COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd)

Firmware version: V2.3.0.1

Driver version: 4.1.0.0_CL15074

Vendor Fix: N/A

Root Cause: Improper client-side input checks resulting in password policy bypass

Description: The password policy is only implemented on the client side and can be bypassed to set no password or a password with a length >8


I realize that this is somewhat of a lame best-practice vulnerability aimed at improving the overall security posture of the application and the users.
The application is not following its own security best practices. I understand that if somebody goes out of their way to put a shitty password, it's really their fault, but your policies should be applied consistently across the board to better improve the security posture of the application. As seen below, the frontend forces a 5-32 password.

image

Below we're going to be setting the password of the admin user to the single character `k`.

image

The password change worked because we're now able to auth as the admin user with the password `k`.
image
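
The fix for this class of bug is to re-check the policy in the handler that actually stores the password. The sketch below is an added example, not COMFAST's code: it models a handler that trusts the browser beside one that enforces the same 5-32 policy server-side. The JSON request shape, field names and function names are hypothetical, since the page does not show the device's real request.

```python
import json

# Policy taken from the page: the frontend forces a 5-32 password.
MIN_LEN, MAX_LEN = 5, 32


def policy_violations(password):
    """Return a list of reasons the password breaks the 5-32 policy."""
    if not isinstance(password, str):
        return ["password must be a string"]
    if len(password) < MIN_LEN:
        return [f"password shorter than {MIN_LEN} characters"]
    if len(password) > MAX_LEN:
        return [f"password longer than {MAX_LEN} characters"]
    return []


def change_password_trusting(body, store):
    """Models the flaw: the backend assumes the browser already checked."""
    req = json.loads(body)
    store[req["user"]] = req.get("password", "")
    return 200, "ok"


def change_password_enforcing(body, store):
    """Same handler with the policy re-checked where the client cannot skip it."""
    try:
        req = json.loads(body)
    except ValueError:
        return 400, "malformed request"
    if not isinstance(req, dict) or not isinstance(req.get("user"), str):
        return 400, "malformed request"
    problems = policy_violations(req.get("password"))
    if problems:
        return 422, problems[0]
    # A real device would store a salted hash here, not the plaintext.
    store[req["user"]] = req["password"]
    return 200, "ok"


if __name__ == "__main__":
    # Constructed requests: what arrives when the frontend check is skipped.
    for pw in ["k", "", "x" * 33, "correct-horse"]:
        body = json.dumps({"user": "admin", "password": pw}).encode()
        print(repr(pw[:12]), change_password_trusting(body, {}),
              change_password_enforcing(body, {}))
```

Keeping the frontend check is still useful for user feedback; the server-side check is the one that counts as a control.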