Submission Details
Severity: medium
Invalid

Absence of Password Security Standards

Summary

The issue revolves around the absence of password security standards in the setPassword function. As it stands, there are no checks in place for crucial factors like password length or complexity.

Vulnerability Details

There is no mechanism in place to enforce security standards for passwords set in the setPassword function. This means there are no checks for factors such as password length or complexity, potentially leading to weak passwords being used.

Impact

The absence of password security standards leaves the system vulnerable to the use of weak and easily guessable passwords. This could compromise the security of the stored password and the overall integrity of the system.

Tools Used

Manual Review

Recommendations

Implement a password validation mechanism that enforces security standards, such as requiring passwords to meet specific length and complexity requirements. This will enhance the security of the password storage system and protect it from potential vulnerabilities.
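One way to implement the recommended check, as an added example that is not the audited contract's code: the contract name, storage layout, error names, compiler version and policy thresholds below are all assumptions; only the setPassword function name comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // assumed compiler version (custom errors need >= 0.8.4)

// Added illustration: names and thresholds are hypothetical, not from the audited code.
contract PasswordStoreWithPolicy {
    error NotOwner();
    error PasswordTooShort(uint256 length, uint256 minimum);
    error PasswordTooLong(uint256 length, uint256 maximum);
    error PasswordMissingCharacterClass();

    uint256 private constant MIN_LENGTH = 12; // assumed policy value
    uint256 private constant MAX_LENGTH = 64; // assumed; also bounds gas spent in the loop

    address private immutable owner;
    string private password;

    constructor() {
        owner = msg.sender;
    }

    function setPassword(string calldata newPassword) external {
        if (msg.sender != owner) revert NotOwner();
        _checkPolicy(bytes(newPassword)); // reverts before any state change
        password = newPassword;
    }

    // Requires at least one lowercase letter, one uppercase letter, one digit
    // and one other byte (symbol or non-ASCII). Length is counted in bytes.
    function _checkPolicy(bytes calldata pw) private pure {
        if (pw.length < MIN_LENGTH) revert PasswordTooShort(pw.length, MIN_LENGTH);
        if (pw.length > MAX_LENGTH) revert PasswordTooLong(pw.length, MAX_LENGTH);

        bool lower;
        bool upper;
        bool digit;
        bool other;
        for (uint256 i = 0; i < pw.length; ++i) {
            uint8 c = uint8(pw[i]);
            if (c >= 0x61 && c <= 0x7a) lower = true;      // a-z
            else if (c >= 0x41 && c <= 0x5a) upper = true; // A-Z
            else if (c >= 0x30 && c <= 0x39) digit = true; // 0-9
            else other = true;
        }
        if (!(lower && upper && digit && other)) revert PasswordMissingCharacterClass();
    }
}
```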

Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Admin Input/call validation
