KSanjith / pe


Application accepts passwords to be set as empty, which poses a major security risk. #7

Open KSanjith opened 4 days ago

KSanjith commented 4 days ago

Details: Given how seriously the user's security and privacy are taken, one might expect that the app would not accept blank passwords to be set. However, that is not the case. Careless first-time users might accidentally press the Enter button when first launching the app, which the app would take as the password. This poses a major security risk due to the password being left blank.

Steps to Reproduce:

  1. Open the app for the first time
  2. Press the Enter key when prompted to enter a password (which was done in the screenshot)

Expected: App warns user that the password field has been left blank, and asks them to create a new proper password.

Actual: App accepts the empty password and continues on as normal.

Screenshot: image.png

nus-pe-script commented 1 day ago

[IMPORTANT!: Please do not edit or reply to this comment using the GitHub UI. You can respond to it using CATcher during the next phase of the PE]

Team's Response

Dear tester,

The team has discussed and decided to categorize the bug as not in scope. The following are the justifications:

  1. As stated on the course website in the screenshot below, the program files are already assumed to be secure, and thus this password feature is created for completeness' sake and thus there is no need for requirements for the password. We leave it up to the user.

image.png

Items for the Tester to Verify

:question: Issue response

Team chose [response.NotInScope]

Reason for disagreement: [replace this with your reason]