Password Policy Restriction Bypass
Low
Cloudflare Public Bug Bounty
Team Summary
Official summary from Cloudflare Public Bug Bounty
Due to insufficient input validation on the backend side, it was possible to bypass the Password Policy Restrictions for Cloudflare accounts by intercepting the request and modifying the content of the password field. This way, a user could set up weak passwords for their account. The password policy restrictions were updated in the backend to match frontend-side validation rules.
Reported by
lohigowda
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Violation of Secure Design Principles
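The class of fix described in the team summary, as an added example that is not Cloudflare's code or part of the report: one policy function serves as the single source of truth, and the backend handler re-validates the value it actually receives. The policy rules, function names and the in-memory `Map` store are all assumptions made for illustration.

```javascript
// Assumed policy for illustration only; the report does not state the real rules.
const POLICY = { minLength: 8, requireDigit: true, requireSpecial: true };

// One validator that can be bundled into the frontend form AND called by the
// backend handler, so the two sets of rules cannot drift apart.
function policyViolations(password, policy = POLICY) {
  // Reject missing or non-string values (e.g. an array or object in the JSON body).
  if (typeof password !== 'string') return ['password must be a string'];
  const problems = [];
  if ([...password].length < policy.minLength) {
    problems.push(`at least ${policy.minLength} characters`);
  }
  if (policy.requireDigit && !/\d/.test(password)) problems.push('at least one digit');
  if (policy.requireSpecial && !/[^A-Za-z0-9]/.test(password)) {
    problems.push('at least one special character');
  }
  return problems;
}

// "Before": the handler assumes the browser form already enforced the policy.
function changePasswordUnchecked(store, userId, body) {
  store.set(userId, { passwordSet: true }); // hashing omitted in this sketch
  return { status: 200 };
}

// "After": the handler validates the received field, whatever the client did.
function changePasswordChecked(store, userId, body) {
  const problems = policyViolations(body && body.password);
  if (problems.length > 0) return { status: 400, errors: problems };
  store.set(userId, { passwordSet: true }); // hashing omitted in this sketch
  return { status: 200 };
}

// Constructed request bodies: one as the form would submit it, one whose
// password field no longer satisfies the rules the frontend checked.
function demo() {
  const store = new Map();
  const fromForm = { password: 'Tr1cky-Horse-Battery' };
  const modified = { password: 'a' };
  return {
    uncheckedModified: changePasswordUnchecked(store, 'u1', modified).status,
    checkedModified: changePasswordChecked(store, 'u2', modified),
    checkedFromForm: changePasswordChecked(store, 'u3', fromForm).status,
    storedForU2: store.has('u2'),
  };
}
```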