rdiffweb allows a new password to be the same as the previous password
Moderate severity
GitHub Reviewed
Published
Oct 6, 2022
to the GitHub Advisory Database
•
Updated Nov 22, 2024
Description
Published by the National Vulnerability Database
Oct 6, 2022
Published to the GitHub Advisory Database
Oct 6, 2022
Reviewed
Oct 6, 2022
Last updated
Nov 22, 2024
rdiffweb prior to 2.5.0a4 allows users to set their new password to be the same as the old password during a password reset. Version 2.5.0a4 enforces a password policy in which a new password cannot be the same as the old one.
References