Rajat2024 / NoteBook

This notebook is built with React as the frontend and NodeJS as the backend. You can add, delete and update notes in your Mongoose database. Passwords are checked with Express validation, and authentication uses JWT tokens and salting. Sign-up and log-in to the notebook are straightforward, and React context is used to pass data between components.
https://mern-notebook.onrender.com/

No length on password #137

Closed AkankshaGawade closed 1 year ago

AkankshaGawade commented 1 year ago

Describe the bug: Hey, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease the password length. There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for a Denial of Service attack. Normally all sites have a password minimum to maximum length, like a 72-character limit or a 48 limit, to prevent Denial of Service attacks, in my sql, but in the weblate registration page there are no limitations. Let me know if you need any more details. This is typically not DoS, but a vulnerability which may lead to a DoS attack.

To Reproduce: Steps to reproduce the behavior:

  1. Go to 'https://mern-notebook.onrender.com/login'
  2. Click on 'Login'
  3. Enter password

Expected behavior: As the response is seen, the server might not be able to handle such lengthy passwords coming from different machines simultaneously. The attacker can perform a DDoS attack by using this vulnerability. So there should be some length limit on the password.

Screenshots: Screenshot 2023-05-27 194845 (image not reproduced)

Assign this issue to me under GSSoC 23.

kash5811 commented 1 year ago

Assign this issue to me.