DevinWalker / wp-rollback

Rollback any WordPress.org plugin or theme to a previous (or newer) version.
https://wprollback.com

Weak Password Policy #50

Closed mohammedabdulkareem0 closed 4 years ago

mohammedabdulkareem0 commented 4 years ago

Bug Report

Hi team, I found a weak password policy issue on your website https://wptimecapsule.com/

Description:

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Extended description:

An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess users' passwords, making brute-force attacks easier.

Current Behavior

Your website allows users to set a simple password; at this time, I can set my password to (aaaaaa). Determine the resistance of the application against brute-force password guessing using available password dictionaries by evaluating the length, complexity, reuse and aging requirements of passwords.

Expected Behavior

Some policies suggest or impose requirements on what type of password a user can choose such as:

  - The use of both upper-case and lower-case letters (case sensitivity)
  - Inclusion of one or more numerical digits
  - Inclusion of special characters, such as @, #, $
  - Prohibition of words found in a password blacklist
  - Prohibition of words found in the user's personal information
  - Prohibition of use of the company name or an abbreviation
  - Prohibition of passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers

Bug Type

Weak password policy

Version: WordPress Time Capsule Plugin < 1.21.16

Steps to Reproduce

  1. Navigate to the signup page.
  2. Fill in your details and give a password as simple as aaaaaa. You will see that you are registered and there is no strong password enforcement.

Hope it will be fixed soon. Thanks and regards, Mohammed Abdul Kareem.
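
Added example (editor's code, not the reporter's, the wp-rollback project's, or WP Time Capsule's): a Python validator that implements the policy items listed under Expected Behavior and rejects the reporter's `aaaaaa` case. The blacklist, company-name list, minimum length and user data are constructed for the example; the function and constant names (`check_password`, `MIN_LENGTH`, and so on) are assumptions, not anything the site or plugin exposes.

```python
import re

# Constructed sample data for this example (not taken from the page).
MIN_LENGTH = 8
DEFAULT_BLACKLIST = {"password", "123456", "qwerty", "letmein", "aaaaaa"}
COMPANY_NAMES = {"wp time capsule", "wptimecapsule", "wptc"}

# Shapes of "common numbers" the policy wants to reject outright.
DATE_PATTERNS = [
    re.compile(r"^\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}$"),          # 12/31/1999
    re.compile(r"^(19|20)\d{2}[/.-]?\d{2}[/.-]?\d{2}$"),        # 1999-12-31, 19991231
    re.compile(r"^\d{8}$"),                                     # 31121999
]
PHONE_PATTERN = re.compile(r"^\+?\d[\d\s().-]{6,}\d$")           # +1 (555) 123-4567
PLATE_PATTERN = re.compile(r"^[A-Z]{1,3}[- ]?\d{2,4}[- ]?[A-Z]{0,3}$", re.I)


def _tokens(*values):
    """Alphanumeric tokens of 3+ characters drawn from the user's own details."""
    found = set()
    for value in values:
        for tok in re.split(r"[^a-z0-9]+", value.lower()):
            if len(tok) >= 3:
                found.add(tok)
    return found


def check_password(password, *, username="", email="", full_name="",
                   blacklist=DEFAULT_BLACKLIST, company_names=COMPANY_NAMES):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    lowered = password.lower()
    if lowered in blacklist:
        problems.append("appears in the password blacklist")

    # Personal information: username, e-mail local part and real name.
    if any(tok in lowered for tok in _tokens(username, email.split("@")[0], full_name)):
        problems.append("contains the user's personal information")

    # Company name or abbreviation, compared with separators stripped on both sides.
    compact = re.sub(r"[^a-z0-9]", "", lowered)
    if any(re.sub(r"[^a-z0-9]", "", name.lower()) in compact for name in company_names):
        problems.append("contains the company name or its abbreviation")

    # Calendar dates, telephone numbers and licence plates.
    if any(p.match(password) for p in DATE_PATTERNS):
        problems.append("looks like a calendar date")
    elif PHONE_PATTERN.match(password):
        problems.append("looks like a telephone number")
    elif PLATE_PATTERN.match(password):
        problems.append("looks like a licence plate number")
    return problems


def is_acceptable(password, **user):
    """Convenience wrapper: True when check_password reports nothing."""
    return not check_password(password, **user)


if __name__ == "__main__":
    # The reporter's own test input, with constructed user details.
    for pw in ("aaaaaa", "Kareem2019!", "1999-12-31", "Correct-Horse-9!"):
        print(pw, "->", check_password(pw, username="mohammed",
                                       full_name="Mohammed Abdul Kareem") or "OK")
```

In a WordPress plugin this check would run inside the `registration_errors` filter (and the profile-update equivalent) so that a failing password is reported before `wp_create_user` is called. One caveat a practitioner would add: NIST SP 800-63B advises against mandatory composition rules of the upper/lower/digit/special kind and instead recommends a minimum length plus screening against lists of known compromised passwords, so the blacklist and personal-information checks above are the parts of this policy worth keeping even if the composition rules are dropped.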

mohammedabdulkareem0 commented 4 years ago

Let me know about the fix. Thanks & regards, Mohammed Abdul Kareem

DevinWalker commented 4 years ago

Hey @mohammedabdulkareem0 - that's not our website but I'll pass that along to the product owner. Thanks for reporting!