CVE-2023-2160

Name of the Vulnerable Software and Affected Versions modoboa/modoboa versions prior to 2.1.0

Description The issue is related to weak password requirements in the modoboa/modoboa GitHub repository. Users can set unsafe passwords, such as 1 or HACK. This issue is fixed in version 2.1.0.

Recommendations For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider enforcing strong password policies to minimize the risk of exploitation. Restrict access to password settings to prevent users from setting weak passwords until the issue is resolved.