Safety vulnerability ID: 74436
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of ethyca-fides are vulnerable to Client-Side Enforcement of Server-Side Security (CWE-602). The user invite acceptance API endpoint lacks server-side password policy enforcement, so a user can bypass the client-side validation and set a weak password. Attackers can then compromise such accounts through brute-force or guessing attacks against these easily obtainable passwords.
Latest version: 2.51.1
Open-source ecosystem for data privacy as code.
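The CWE-602 pattern described above, as an added example that is not code from ethyca-fides: an invite-acceptance handler that trusts the client next to one that re-checks the password on the server. The handler names, request fields and the policy itself (length 8, four character classes) are assumptions made for illustration.

```python
import re

# Assumed policy for illustration; the advisory does not state the project's rules.
MIN_LENGTH = 8
REQUIRED_CLASSES = {
    "an uppercase letter": re.compile(r"[A-Z]"),
    "a lowercase letter": re.compile(r"[a-z]"),
    "a digit": re.compile(r"\d"),
    "a symbol": re.compile(r"[^A-Za-z0-9]"),
}


def password_policy_errors(password: str) -> list[str]:
    """Return every policy violation; an empty list means the password passes."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"must be at least {MIN_LENGTH} characters")
    for label, pattern in REQUIRED_CLASSES.items():
        if not pattern.search(password):
            errors.append(f"must contain {label}")
    return errors


def accept_invite_client_trusting(body: dict, users: dict) -> tuple[int, dict]:
    """'Before' shape (CWE-602): stores whatever password the request carries."""
    users[body["username"]] = body["new_password"]
    return 200, {"status": "accepted"}


def accept_invite_enforcing(body: dict, users: dict) -> tuple[int, dict]:
    """'After' shape: the server re-checks the policy regardless of the client."""
    password = body.get("new_password")
    if not isinstance(password, str):
        return 422, {"errors": ["new_password is required"]}
    errors = password_policy_errors(password)
    if errors:
        return 422, {"errors": errors}
    users[body["username"]] = password  # a real service stores a salted hash
    return 200, {"status": "accepted"}


# Constructed request body: what reaches the API when the browser form's
# validation is not in the path. Hypothetical field names.
DIRECT_REQUEST = {"username": "invited_user", "new_password": "a"}
```

A regression test for this class of bug should call the endpoint directly with a weak password and assert a 4xx response, since a UI-driven test never exercises the missing server-side check.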