03-28-2026, 12:30 PM
Low
resolved
resolved
Password Strength Policy Bypass via Server-Side Validation Flaw
Bug reported by was disclosed at March 27, 2026, 7:49 pm | Business Logic Errors
A password strength policy bypass was discovered due to a server-side validation flaw. The password strength policy was only enforced in the browser, not on the server side.