Weak Password Policy Enforcement in HCL iNotes

Weak Password Policy Enforcement in HCL iNotes

CVE-2022-27558 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.

Learn more about our User Device Pen Test.