Improper Implementation of Password strength checker
None
Vulnerability Details
Hi,
I have seen Improper Implementation of Password strength checker for registration and login page. Once it suggest complex password, one can alter the password but the complexity remain the same Its usually related to Ajax or auto-reload implementation.
PoC
-------------------------------------
As a prof of concept see the attached picture, where the complexity says very high but with no password input.
Actions
View on HackerOneReport Stats
- Report ID: 271950
- State: Closed
- Substate: resolved
- Upvotes: 5