Potential mitigations:
Enforce usage of strong passwords. A password strength policy should contain the following attributes:
1: Minimum and maximum length;
2: Require mixed character sets (alpha, numeric, special, mixed case);
3: Do not contain user name;
4: Expiration;
5: No password reuse.
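The five policy attributes above can be enforced in one server-side check at registration and password change. The following is an added example written for this report, not code from workchain.io or from the report's author; the class and function names (PasswordPolicy, Account, check_password, set_password, is_expired) and the sample account data are constructed for illustration. It rejects the report's `123456` case and also covers the user-name, reuse and expiration rules, so it goes a step beyond the single weak password shown in the reproduction steps.

```python
"""Password-policy validator covering the five attributes listed in the report.

Added example, not workchain.io's code. All names and sample data are hypothetical.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class PasswordPolicy:
    min_length: int = 12
    max_length: int = 128
    required_classes: int = 3          # out of lower / upper / digit / special
    max_age: timedelta = timedelta(days=90)
    history_size: int = 5              # how many previous passwords may not be reused


@dataclass
class Account:
    username: str
    # Previous passwords stored as (salt, derived key); constructed in-memory store.
    history: list[tuple[bytes, bytes]] = field(default_factory=list)
    last_changed: datetime | None = None


def _derive(salt: bytes, password: str) -> bytes:
    # PBKDF2 keeps the example dependency-free; a production system would use
    # a memory-hard function such as Argon2id or bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


def check_password(policy: PasswordPolicy, account: Account, candidate: str) -> list[str]:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    failures: list[str] = []
    n = len(candidate)
    if n < policy.min_length:
        failures.append(f"shorter than {policy.min_length} characters")
    if n > policy.max_length:
        failures.append(f"longer than {policy.max_length} characters")

    classes = sum([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ])
    if classes < policy.required_classes:
        failures.append(f"uses {classes} character classes, need {policy.required_classes}")

    if account.username and account.username.lower() in candidate.lower():
        failures.append("contains the user name")

    # Compare against the stored history with constant-time digest comparison.
    for salt, stored in account.history:
        if hmac.compare_digest(_derive(salt, candidate), stored):
            failures.append("reuses a previous password")
            break
    return failures


def set_password(policy: PasswordPolicy, account: Account, candidate: str,
                 now: datetime | None = None) -> bool:
    """Apply the policy; on success record the new password in the history."""
    if check_password(policy, account, candidate):
        return False
    now = now or datetime.now(timezone.utc)
    salt = os.urandom(16)
    account.history.append((salt, _derive(salt, candidate)))
    del account.history[:-policy.history_size]   # keep only the newest N entries
    account.last_changed = now
    return True


def is_expired(policy: PasswordPolicy, account: Account,
               now: datetime | None = None) -> bool:
    """True when the password is older than the policy's maximum age (or never set)."""
    now = now or datetime.now(timezone.utc)
    if account.last_changed is None:
        return True
    return now - account.last_changed > policy.max_age


if __name__ == "__main__":
    policy, acct = PasswordPolicy(), Account("alice")
    print(check_password(policy, acct, "123456"))      # the report's weak password
    print(set_password(policy, acct, "Tr0ub4dor&3-horse"))
    print(set_password(policy, acct, "Tr0ub4dor&3-horse"))  # rejected as reuse
```

The expiration rule is implemented exactly as the report lists it; note that current NIST SP 800-63B guidance recommends against forced periodic rotation unless compromise is suspected, so `max_age` is the one attribute a deployment may reasonably relax while keeping the other four.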
Steps to reproduce:
1: Go to https://workchain.io/registration
2: Fill in all the details and set the password to 123456
3: Create your account.
Impact: An attacker can easily guess user passwords or use a dictionary attack.
Reference: https://cwe.mitre.org/data/definitions/521.html