Weak Password Requirements
CVE-2022-29700
Summary
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
- LOW
- NETWORK
- NONE
- NONE
- NONE
- PARTIAL
CWE-521 - Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
References
Advisory Timeline
- Published