Logic vulnerability - No password security policy

# Summary

In the latest v6.0.0 version, when users register, there is no password security policy. Passwords can be any combination of any length, even a single digit. Users typically use extremely weak passwords, making it easy for attackers to obtain user account passwords through guessing, brute-force attacks, and other methods.Retry[Claude can make mistakes. Please double-check responses.](https://support.anthropic.com/en/articles/8525154-claude-is-providing-incorrect-or-misleading-responses-what-s-going-on)

# POC

<img width="1280" height="1025" alt="Image" src="https://github.com/user-attachments/assets/beb00683-017a-4545-97e3-ff721b28c112" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Logic vulnerability - No password security policy #201

Summary

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Logic vulnerability - No password security policy #201

Description

Summary

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions