SYM_PY_0178 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Weak Password Requirements
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-521: Weak Password Requirements |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
Passwords are being set on user accounts without first validating their strength and complexity using Django's password validation. This means weak or easily guessable passwords might be accepted.
Impact
If passwords are not properly validated, attackers or users could set weak passwords, making accounts much easier to compromise. This increases the risk of unauthorized access and data breaches, and could undermine the security of the entire application.