Comments (2)
plr0man
commented on May 30, 2024
Other than policies that allow "a" (no complexity) or "aaaaaaaa" (repeat characters) let's discuss how to classify sequential character passwords like "12345678", "abcdefgh", "qwertyui" or "!@#$%^&*". Credit to @EdisK
from vulnerability-rating-taxonomy.
plr0man
commented on May 30, 2024
After consulting with the team we have decided to remove all Insufficient Security Configurability->Weak Password Policy variants and implement the following subcategories:
Insufficient Security Configurability->No Password Policy (P4)
Insufficient Security Configurability->Weak Password Policy (P5)
Going from VRT 1.2 forward we will be only recommending no password policy as low risk issues and rate any existing weak password policy as P5 informational, meeting the customers' expectations and leaving the decision to fix/reward to the client.
from vulnerability-rating-taxonomy.
Related Issues (20)
- BAC -> IDORs in Different impacts HOT 4
- Removing "Broken Access Control (BAC) > Server-Side Request Forgery (SSRF) > External" HOT 5
- Why application wide CORS misconfiguration is not a p2???? HOT 1
- Request to add LDAP Injection as Bugcrowd VRT HOT 11
- Depreciation of IE11 HOT 4
- Disposable Email Addresses - invalid HOT 5
- Privilege Escalation as a subcategory of Broken Access Controls HOT 7
- Addition - Failure to Invalidate Session On Permission Change HOT 3
- HTTP Request Smuggling HOT 2
- Addition - HTML Content Injection HOT 1
- Update - PII Leakage updated to Sensitive Information Leak HOT 3
- Why Blind XSS can't be P1 While Massive PII is leakage? HOT 1
- SSRF as it's own top-category HOT 2
- infinite 301 HOT 4
- Text injection - needs higher priority HOT 4
- Content spoofing - needs higher priority HOT 1
- New IDOR Variants HOT 10
- Change of "Sensitive Data Exposure > Disclosure of Secretes > Intentionally Public, Sample or Invalid"
- Add unnecessary open port on server misconfiguration in P1 HOT 1
- Add LLM VRT Entries HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulnerability-rating-taxonomy.