Security Advisory 05 – 007 – Password Policy Implemented At Client rather than Server
Webseries Payment Application
Vulnerability discovery and development: Portcullis Security Testing Services
Bottomline Webseries Payment Application
Whilst client-side data validation can help a user to enter the required information correctly, client-side scripts can easily be bypassed in a number of ways. This allows a user to set their password to a value that the implemented security policy does not accept.
No exploit code required.
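The mitigation for this class of issue is to enforce the policy again on the server for every password change, whatever the client reports. The sketch below is an added example, not code from the advisory or the vendor; the policy values, the `handleChangePassword` handler and the `clientValidated` field are assumptions made for illustration.

```javascript
// Added example: server-side enforcement of a password policy.
// POLICY values are assumed; the advisory does not state the real policy.
const POLICY = { minLength: 10, upper: true, lower: true, digit: true, symbol: true };

// Returns a list of policy violations; an empty list means acceptable.
function policyViolations(password, username, policy = POLICY) {
  if (typeof password !== "string") return ["password must be a string"];
  const problems = [];
  if (password.length < policy.minLength) problems.push(`shorter than ${policy.minLength} characters`);
  if (policy.upper && !/[A-Z]/.test(password)) problems.push("no upper-case letter");
  if (policy.lower && !/[a-z]/.test(password)) problems.push("no lower-case letter");
  if (policy.digit && !/[0-9]/.test(password)) problems.push("no digit");
  if (policy.symbol && !/[^A-Za-z0-9]/.test(password)) problems.push("no symbol");
  if (username && password.toLowerCase().includes(username.toLowerCase())) {
    problems.push("contains the username");
  }
  return problems;
}

// Hypothetical change-password handler. Any client-supplied hint that
// validation already happened (here body.clientValidated) is ignored:
// the server decides from the submitted value alone.
function handleChangePassword(body, session) {
  const violations = policyViolations(body && body.newPassword, session.username);
  if (violations.length > 0) {
    return { status: 400, errors: violations };
  }
  // Hashing and storing the new password would happen here.
  return { status: 200, errors: [] };
}

// Constructed requests: the first is what arrives when the client-side
// script has been skipped, the second complies with the assumed policy.
const session = { username: "alice" };
const bypassed = handleChangePassword({ newPassword: "abc", clientValidated: true }, session);
const compliant = handleChangePassword({ newPassword: "Tr4ck-Ledger!92" }, session);
console.log(bypassed.status, bypassed.errors);
console.log(compliant.status);
```

The client-side script can stay in place as a usability aid; only the server-side result decides whether the password is stored.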