-
Update the user authentication system to hash passwords before storing them. This will enhance security by ensuring that user passwords are not stored in plain text. Implement password hashing and upd…
-
There seems to be a Host header injection vulnerability in line 26 of `src/password-reset/password-reset.service.ts`
## What is Host Header Injection?
When an application trusts the Host header…
-
### Issue Summary
Rohit reported another security issue:
----
Target URL: https://app.formbricks.com/auth/forgot-password
Vulnerability Type: User Email Enumeration
Severity: Medium
De…
-
Hi,
Out of external method (ex. encrypt future saved by arx data, etc.)
is it possible to have a protection to not authorize anybody to dump, extract, list data in an arx container?
Philippe…
-
- security vulnerabilities in the current implementations of the login, logout, and forgot password handlers, making them susceptible to attacks.
-
### **Summary**
A critical security vulnerability in impler.io's password hashing implementation allows for potential authentication bypass and performance degradation due to missing maximum password…
-
This is an already known issue, but I think it deserves a placeholder to remember that it exists and continue thinking about a solution.
FirstBootWizard exposes the md5crypt hash of the router root pa…
-
### Steps to Reproduce
Using the term "App Password" creates room for ill-informed users to accidentally compromise their account password.
**Steps to Reproduce:**
1. Third Party application asks…
-
**Problem Statement**
The current signup page lacks password requirements such as a minimum length, inclusion of one uppercase letter, and one special character. This absence compromises the security…