Short Description
Password length was handled incorrectly on the server side
Reporting Date
- September 2022
Details
The API service handled password verification incorrectly. The API accepted passwords containing more characters than the backend could process. The backend processed only the first 72 bytes of the password; any excess characters were discarded during hash generation.
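The truncation described above and a server-side length check, as an added example that is not the service's own code. PBKDF2 over a truncated input is an assumed stand-in for the real hash, which the advisory does not name; all function names and sample values are constructed.

```python
import hashlib
import hmac

MAX_PASSWORD_BYTES = 72  # limit stated in the advisory


def truncating_hash(password: str, salt: bytes) -> bytes:
    """Assumed stand-in for a hash that ignores input past 72 bytes."""
    data = password.encode("utf-8")[:MAX_PASSWORD_BYTES]
    return hashlib.pbkdf2_hmac("sha256", data, salt, 10_000)


def verify_truncating(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Behaviour from the advisory: excess bytes are silently discarded."""
    return hmac.compare_digest(truncating_hash(candidate, salt), stored)


def within_limit(password: str) -> bool:
    """The limit applies to encoded bytes, not to characters."""
    return len(password.encode("utf-8")) <= MAX_PASSWORD_BYTES


def hash_checked(password: str, salt: bytes) -> bytes:
    """Refuse to store a password the hash cannot fully cover."""
    if not within_limit(password):
        raise ValueError("password exceeds 72 bytes when UTF-8 encoded")
    return truncating_hash(password, salt)


def verify_checked(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Reject over-long input instead of comparing a truncated prefix."""
    return within_limit(candidate) and verify_truncating(candidate, salt, stored)


def demo() -> dict:
    salt = b"\x00" * 16          # constructed; use a random salt in practice
    prefix = "a" * 72            # constructed 72-byte prefix
    stored = truncating_hash(prefix + "-tail-one", salt)
    other = prefix + "-different"  # differs only after byte 72
    return {
        "truncating_accepts_other_tail": verify_truncating(other, salt, stored),
        "checked_rejects_other_tail": verify_checked(other, salt, stored),
        "exact_72_bytes_ok": verify_checked(prefix, salt, hash_checked(prefix, salt)),
        "40_multibyte_chars_over_limit": not within_limit("é" * 40),
    }


if __name__ == "__main__":
    print(demo())
```

Hashes stored before such a check was introduced may cover passwords longer than 72 bytes, so `verify_checked` would refuse those users' full passwords until they are reset.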
Impact
Low
References
- Bug Bounty ID: 6e941190 (Public)
- Internal ID: SEC-832