V2 - Authentication
Weak Password Policy
POC
- Change the password to a numeric-only value
- Change the password to a lowercase-only value
- Change the password to a common password
- Change the password to a short password
- Observe that the application has weak or no password policy
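A server-side check that rejects the four weak-password classes tried in the POC, plus a helper that reports which of them a given acceptance rule lets through. This is an added example, not code from the original page; MIN_LENGTH, the sample common-password set, the candidate passwords and all function names are assumptions.

```python
# Assumed values: the page does not state a minimum length or a password list.
MIN_LENGTH = 12
# Constructed sample; a real deployment would load a large common/breached list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123"}

# Constructed candidates, one per POC step.
POC_CASES = {
    "numeric_only": "4815162342108",
    "lowercase_only": "qwertyuiopasdf",
    "common": "Password123",
    "short": "aB3$",
}


def policy_violations(password, min_length=MIN_LENGTH, common=COMMON_PASSWORDS):
    """Return the weak-password classes from the POC that `password` falls into."""
    violations = []
    if len(password) < min_length:
        violations.append("short")
    if password.isdigit():
        violations.append("numeric_only")
    # Only letters, all of them lowercase (spaces or symbols do not count here).
    if password.isalpha() and password.islower():
        violations.append("lowercase_only")
    # Case-insensitive match so "Password123" is caught as well.
    if password.casefold() in common:
        violations.append("common")
    return violations


def accepted_weak_cases(accepts):
    """Return the POC cases that the rule `accepts(password) -> bool` lets through.

    `accepts` stands in for the application's change-password validation;
    an empty result means every POC case was rejected.
    """
    return sorted(name for name, pw in POC_CASES.items() if accepts(pw))


if __name__ == "__main__":
    strict = lambda pw: not policy_violations(pw)
    length_only = lambda pw: len(pw) >= 8  # a typical weak rule
    print("strict policy accepts:", accepted_weak_cases(strict))
    print("length-only policy accepts:", accepted_weak_cases(length_only))
```

Running accepted_weak_cases against the real validation function in a regression test keeps the policy from silently weakening.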
Impact
Low-Medium (when login has no rate limiting and the password is brute-forceable)
Likelihood
Low