Comments (1)
plr0man
commented on May 29, 2024
Hi @SYNTAXERRORBA,
Thanks for writing in. The entry you mention that addresses single character passwords being allowed is in fact rated P3 by the VRT, but please keep in mind that VRT provides suggested priority and the decision to fix/reward is always up to the customer.
Weak password policy is one of those issues that are often by design due to usability concerns and customers accept the risk that comes with it. However there are many cases where weak or lack of password policy are unintended which makes corresponding reports valid and rewardable.
I am sorry you've had bad experience, but downgrading this type of issues to P5 as a general rule would prevent valuable security research from being provided to the customers that need it.
Hope this helps!
from vulnerability-rating-taxonomy.
Related Issues (20)
- BAC -> IDORs in Different impacts HOT 4
- Removing "Broken Access Control (BAC) > Server-Side Request Forgery (SSRF) > External" HOT 5
- Why application wide CORS misconfiguration is not a p2???? HOT 1
- Request to add LDAP Injection as Bugcrowd VRT HOT 11
- Depreciation of IE11 HOT 4
- Disposable Email Addresses - invalid HOT 5
- Privilege Escalation as a subcategory of Broken Access Controls HOT 7
- Addition - Failure to Invalidate Session On Permission Change HOT 3
- HTTP Request Smuggling HOT 2
- Addition - HTML Content Injection HOT 1
- Update - PII Leakage updated to Sensitive Information Leak HOT 3
- Why Blind XSS can't be P1 While Massive PII is leakage? HOT 1
- SSRF as it's own top-category HOT 2
- infinite 301 HOT 4
- Text injection - needs higher priority HOT 4
- Content spoofing - needs higher priority HOT 1
- New IDOR Variants HOT 10
- Change of "Sensitive Data Exposure > Disclosure of Secretes > Intentionally Public, Sample or Invalid"
- Add unnecessary open port on server misconfiguration in P1 HOT 1
- Add LLM VRT Entries HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulnerability-rating-taxonomy.