In Daybyday CRM, versions 1.1 up to and including 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an malicious user to brute-force users’ passwords with minimal to no computational effort.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
daybydaycrm daybyday crm |