PT-2022-15247 · Unknown · Daybyday Crm

Published: 2022-01-05 · Updated: 2022-01-21 · CVE-2022-22110

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Daybyday CRM versions 1.1 through 2.2.0

Description

The issue allows users with privileges to update their passwords to weak passwords, such as those with a length of a single character. This may enable an attacker to brute-force users' passwords with minimal to no computational effort.

Recommendations

For Daybyday CRM versions 1.1 through 2.2.0, consider implementing stronger password requirements to prevent the use of weak passwords, such as enforcing a minimum password length. As a temporary workaround, restrict users from updating their passwords to weak ones, such as those with a length of a single character, until a more robust password policy is implemented.

Fix

Weakness Enumeration

Related Identifiers

CVE-2022-22110
GHSA-96V6-HRWG-P378

Affected Products

Daybyday Crm