J-GainSec

Results 14 comments of J-GainSec

Sure. The issues aren't big. -- Issue 1: Weak Password Requirements -- The OnTrack application allows extremely weak passwords such as "toor". Below is the exact output demonstrating that the...

Think you can increase the "cost" to mitigate the ease of cracking: https://www.rubydoc.info/github/codahale/bcrypt-ruby/BCrypt/Password **Class Method Details** Hashes a secret, returning a BCrypt::Password instance. Takes an optional :cost option, which...

1. You can leave it up to the admin but it's considered part of the [Identification and Authentication Failures](https://cwe.mitre.org/data/definitions/1353.html) OWASP Top 10 categories. Specifically [CWE-521: Weak Password Requirements](https://cwe.mitre.org/data/definitions/521.html). 2....

Sounds good! Do I have your permission to post/publish about this?