Weak Password Requirements in I-doit Pro and I-doit Open Versions 25 and Below: A Gateway for Brute Force Attacks
CVE-2023-37756 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.
Learn more about our User Device Pen Test.