Weak Password Policy

[Polapan]

your website allowing users to set their password to simple, at this time, i can set my password to 123456789 Determine the resistance of the application against brute force password guessing using available password dictionaries by evaluating the length, complexity, reuse and aging requirements of passwords.

you should make password policy to protect your user, Uppercase, lowercase. as it makes it much more secure it will be acceptable

impact This password can easily be cracked using dictionary attack.

[callmetushar123]

can someone assign this to me? I can try to fix this cc : @milosgajdos

[Polapan]

Any reward for that bug report? Thanks

On Thu, 8 Sep, 2022 at 11:17 AM, Tushar @.***> wrote:

can someone assign this to me? I can try to fix this

— Reply to this email directly, view it on GitHub https://github.com/distribution/distribution/issues/2907#issuecomment-1240231332, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALXVL43BX73LLFFU757G32DV5FZE7ANCNFSM4HHOELZA . You are receiving this because you authored the thread.Message ID: @.***>

[milosgajdos]

your website allowing users to set their password to simple

Can you please clarify what "website" are you talking about here?

[Polapan]

Thank you for your response. I think github but 3 years ago I reported this bug😶

On Thu, 8 Sep, 2022 at 1:32 PM, Milos Gajdos @.***> wrote:

your website allowing users to set their password to simple

Can you please clarify what "website" are you talking about here?

— Reply to this email directly, view it on GitHub https://github.com/distribution/distribution/issues/2907#issuecomment-1240337629, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALXVL4ZRDJQZ2HDYPY4PIF3V5GJAHANCNFSM4HHOELZA . You are receiving this because you authored the thread.Message ID: @.***>

[milosgajdos]

Closing, this is the wrong repo to report this in. For future reference please report Hub issues in https://github.com/docker/hub-feedback