HackerOne Disclosed Reports - 2026-03-27

hashXploiter · hashXploiter 03-28-2026, 12:30 PM Administrator

Low
resolved

Password Strength Policy Bypass via Server-Side Validation Flaw

Bug reported by was disclosed at March 27, 2026, 7:49 pm | Business Logic Errors

A password strength policy bypass was discovered due to a server-side validation flaw. The password strength policy was only enforced in the browser, not on the server side.

HackerOne Disclosed Reports - 2026-03-27

hashXploiter

Password Strength Policy Bypass via Server-Side Validation Flaw