search

webcompat / web-bugs

A place to report bugs on websites.
https://webcompat.com
Mozilla Public License 2.0
742 stars 65 forks source link

juice-shop.herokuapp.com - see bug description #122831

Closed webcompat-bot closed 1 year ago

webcompat-bot commented 1 year ago

URL: https://juice-shop.herokuapp.com/#/

Browser / Version: Edge 113.0.1774 Operating System: Windows 10 Tested Another Browser: Yes Internet Explorer

Problem type: Something else Description: The website allows users to register with weak passwords that do not meet the minimum security requirements. Steps to Reproduce: ✓ Required preconditions:

✓ Actions/steps to (re-) produce the problem:Steps: 1.Navigate to the registration page of the website. 2.Fill in the required registration fields, including the password field. 3.Provide a password that is too short or lacks complexity, such as "12345" or "password". 4.Submit the registration form. 5.Observe if the website allows the registration with a weak password without proper validation and enforcement of password policies.

✓ Expected result/behaviour: The website should enforce strong password policies, such as minimum length, complexity requirements, and prevention of easily guessable passwords.

Bug: The website allows users to register with weak passwords that do not meet the minimum security requirements.

✓ Actual (failed) result/behaviour (problem description): In this example, the bug represents a scenario where the website does not properly enforce strong password policies during the registration process. It allows users to choose weak passwords that are easy to guess or do not meet the minimum security requirements, such as passwords with insufficient length or lack of complexity.

✓ Possible impact: Having weak passwords puts user accounts at risk of being easily compromised by attackers. It is crucial for websites and applications to enforce proper password policies, including minimum length, complexity (combining letters, numbers, and special characters), and preventing the use of easily guessable

View the screenshot Screenshot
Browser Configuration
  • None

From webcompat.com with ❤️

sv-calin commented 1 year ago

Thank you for the report. Unfortunately, I'm unable to access the page.

Note: If the issue is reproducible on any browser then its not a compatibility issue and the bug should be reported to the website owner.

image

Closing this as incomplete.

[qa_22/2023]