Open J-GainSec opened 2 years ago
You can leave it up to the admin but it's considered part of the Identification and Authentication Failures OWASP Top 10 category. Specifically CWE-521: Weak Password Requirements.
Interesting, F-Droid didn't by default bump it to v2 a few days ago but I grabbed it. But shifting the risk to F-Droid I understand.
@J-GainSec F-Droid built it back then, it doesn't rebuild it on and on :) When a new version arrives that one...
Sounds good!
Do I have your permission to post/publish about this?
It's not my/f-droid's thing, the dev here decides when/if they publish a new version.
Are we lost in translation?
Hope you're well!
I spent a tiny bit of time so far doing some testing of your app and I'm impressed!
Just have two small issues to tell you about!
More info: https://cwe.mitre.org/data/definitions/521.html
More info: https://medium.com/mobis3c/exploiting-apps-vulnerable-to-janus-cve-2017-13156-8d52c983b4e0 AND https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13156
I'll let you know if anything else comes up!