Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V2 - Authentication

Weak Password Policy

POC

  1. Change the password to an all-numeric value (e.g. 12345678)
  2. Change the password to an all-lowercase value (e.g. password)
  3. Change the password to a well-known common password (e.g. qwerty123)
  4. Change the password to a short value (e.g. fewer than 8 characters)
  5. Observe that the application accepts these values, i.e. it enforces a weak password policy or none at all
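The steps above can be automated so the same weak candidates are tried against the target and the accepted ones are recorded, and the same harness can show what a reasonable policy should reject. The following is an added example written for this page, not Cobalt's own tooling: `weak_policy_accepts` is a constructed stand-in for an application with no policy, `strong_policy_violations` is an assumed remediation policy (the 12-character minimum and the small denylist are assumptions; a real deployment would check against a breach corpus), and in a real engagement `probe_policy` would be handed a function that wraps the target's password-change request.

```python
"""Probe a password-change function with the weak candidates from the POC.

Added example for this wiki page, not Cobalt's code. The candidate list,
the denylist and the 12-character minimum are constructed assumptions.
"""
from __future__ import annotations

from typing import Callable, Dict

# Constructed candidates, one per POC step.
WEAK_CANDIDATES: Dict[str, str] = {
    "all_numeric": "12345678",
    "all_lowercase": "password",
    "common": "qwerty123",
    "short": "Ab1!",
}

# Tiny constructed denylist; replace with a breach corpus in practice.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "qwerty123", "letmein", "admin",
}


def strong_policy_violations(password: str, min_length: int = 12) -> list:
    """Return the rules the password violates; an empty list means accepted.

    Assumed policy: minimum length, not purely numeric, not purely
    lowercase letters, not on the common-password denylist.
    """
    violations = []
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")
    if password.isdigit():
        violations.append("only digits")
    if password.isalpha() and password.islower():
        violations.append("only lowercase letters")
    if password.lower() in COMMON_PASSWORDS:
        violations.append("on common-password list")
    return violations


def strong_policy_accepts(password: str) -> bool:
    """Acceptance function for the assumed strong policy."""
    return not strong_policy_violations(password)


def weak_policy_accepts(password: str) -> bool:
    """Constructed stand-in for an application with no policy: anything non-empty passes."""
    return len(password) > 0


def probe_policy(accepts: Callable[[str], bool],
                 candidates: Dict[str, str] = WEAK_CANDIDATES) -> Dict[str, bool]:
    """Run the POC: attempt each weak candidate and record which ones were accepted.

    In a real test `accepts` wraps the target's password-change request and
    returns True when the change succeeded.
    """
    return {name: accepts(pw) for name, pw in candidates.items()}


def is_policy_weak(results: Dict[str, bool]) -> bool:
    """The finding applies if any weak candidate was accepted."""
    return any(results.values())


if __name__ == "__main__":
    for label, fn in (("no policy", weak_policy_accepts),
                      ("assumed strong policy", strong_policy_accepts)):
        results = probe_policy(fn)
        verdict = "WEAK" if is_policy_weak(results) else "OK"
        print(f"{label}: {results} -> {verdict}")
```

When reporting, include the exact candidates that were accepted; a policy that rejects short passwords but accepts `12345678` still qualifies for this finding.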

Impact

Low-Medium (Medium when the login endpoint has no rate limiting and the password is therefore brute-forceable)

Likelihood

Low