ProjectsAndPrograms school-management-system
- 6b6fae5
A vulnerability exists in ProjectsAndPrograms school-management-system due to the use of predictable passwords for students and teachers. Passwords are generated solely from the user's date of birth, without requiring a change upon first login. This allows attackers to easily guess or derive valid credentials, leading to unauthorized access. The vulnerability was confirmed in version 6b6fae5, while other versions may also be affected.
Exploitation of this vulnerability allows for unauthorized access to user accounts, including those of students and teachers.
The vulnerability can be reproduced by creating a new student or teacher account, as the default password will be set to the individual's date of birth. This password can then be used to log in to the account, bypassing any password complexity requirements.
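One way to close the gap described above, as an added example that is not code from the project: issue a random one-time password at account creation and gate the first login on a password change. The function names and the record layout are hypothetical, and PHP is used because the project is a PHP application.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers: function names and record layout are assumptions, not the project's schema.

/** Random one-time password, unrelated to any attribute of the user. */
function generateTemporaryPassword(int $length = 16): string
{
    // No look-alike characters (0/O, 1/l/I), so it can be read off a printed slip.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG-backed
    }
    return $out;
}

/** New account: only the hash is stored, and a change is forced at first login. */
function provisionAccount(string $userId, string $dateOfBirth): array
{
    $temp = generateTemporaryPassword();
    $record = [
        'user_id' => $userId,
        'dob' => $dateOfBirth, // profile data only, never used as a credential
        'password_hash' => password_hash($temp, PASSWORD_DEFAULT),
        'must_change_password' => true,
    ];
    return [$record, $temp]; // $temp is handed over once and not stored in clear text
}

/** Login gate: a correct temporary password only unlocks the change-password step. */
function login(array $record, string $password): string
{
    if (!password_verify($password, $record['password_hash'])) {
        return 'denied';
    }
    return $record['must_change_password'] ? 'change_required' : 'ok';
}

/** Replace the temporary password; reject short values and ones containing the DOB digits in stored order. */
function changePassword(array $record, string $new): array
{
    $dobDigits = preg_replace('/\D/', '', $record['dob']);
    if (strlen($new) < 12 || ($dobDigits !== '' && strpos(preg_replace('/\D/', '', $new), $dobDigits) !== false)) {
        throw new InvalidArgumentException('Password is too short or contains the date of birth');
    }
    $record['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $record['must_change_password'] = false;
    return $record;
}
```

Existing accounts created with the date-of-birth default would also need `must_change_password` set so the gate applies to them at their next login.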