Weak Password Requirements in I-doit Pro and I-doit Open Versions 25 and Below: A Gateway for Brute Force Attacks

Weak Password Requirements in I-doit Pro and I-doit Open Versions 25 and Below: A Gateway for Brute Force Attacks

CVE-2023-37756 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

Learn more about our User Device Pen Test.