
Report #30015

Report Date
April 12, 2024
Status
Closed
Payout

Weak Password Policy

Report Info

Report ID#30015

Report type

Websites and Applications

Has PoC?

Yes

Target

https://etherscan.io/register (Out of scope)

Impacts

  • Direct theft of user funds

Description

A low-category (weak) password is accepted by the website's servers.

This can lead to user account takeover. Ensure the servers reject weak-category passwords.
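One way a registration endpoint can enforce the server-side policy the report asks for, as an added example that is not part of the report or of the target site's code. The minimum length, the small common-password denylist and the sequential-character rule are assumptions for illustration; a real deployment would check against a much larger breached-password list.

```python
# Server-side password policy check (added example, not the target site's code).
# Rejects the exact class of password the report describes ("12345678"):
# too short, on a common-password denylist, and a pure character sequence.

MIN_LENGTH = 12  # assumption: policy minimum chosen for this example

# Constructed denylist; a production system would load a large breached-password corpus.
COMMON_PASSWORDS = {
    "12345678", "123456789", "password", "password1",
    "qwerty123", "11111111", "abcdefgh", "letmein1",
}


def is_sequential(s: str) -> bool:
    """True when every character steps by exactly +1 or -1 from the previous
    one, e.g. "12345678", "abcdefgh" or "87654321"."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def password_policy_errors(password: str, username: str = "") -> list:
    """Return a list of human-readable policy violations (empty list = accepted)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"too short: minimum length is {MIN_LENGTH}")
    if password.lower() in COMMON_PASSWORDS:
        errors.append("password is on the common-password denylist")
    if username and username.lower() in password.lower():
        errors.append("password must not contain the username")
    if len(set(password)) < 4:
        errors.append("password uses too few distinct characters")
    if is_sequential(password):
        errors.append("password is a simple character sequence")
    return errors


def is_password_acceptable(password: str, username: str = "") -> bool:
    """Convenience wrapper a registration handler would call before creating the account."""
    return not password_policy_errors(password, username)


def register_user(username: str, password: str) -> dict:
    """Simulated registration handler: refuse the account when the policy fails."""
    errors = password_policy_errors(password, username)
    if errors:
        raise ValueError("weak password: " + "; ".join(errors))
    # Real code would hash the password (e.g. with a slow KDF) before storing it.
    return {"username": username, "created": True}


if __name__ == "__main__":
    for pw in ["12345678", "alice2024!!", "correct horse battery staple 42"]:
        print(repr(pw), "->", password_policy_errors(pw, username="alice") or "accepted")
```

The check runs entirely on the server, so a client-side form that happens to allow a weak value still cannot create the account; the denylist lookup is deliberately case-insensitive so trivial variants of listed passwords are caught too.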

Proof of concept

1) Visit the link https://etherscan.io/register and create your account.

2) Use any weak password, such as 12345678.

3) The website will accept the weak password.

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is in scope for the bug bounty program
  • claimed asset by the whitehat is not in scope for the bug bounty program
  • claimed severity is not in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.