cve/2022/CVE-2022-22110.md

### [CVE-2022-22110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22110)
![](https://img.shields.io/static/v1?label=Product&message=DaybydayCRM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=flarepoint&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.2.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-521%20Weak%20Password%20Requirements&color=brighgreen)

### Description

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.

### POC

#### Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110

#### Github
No PoCs found on GitHub currently.