The application uses settings that violate the password security policy.

Using password policies is an important security feature in information systems for several reasons:

Resistance to cracking: passwords that meet specific complexity criteria (e.g., length, different types of characters) are more difficult to crack by brute force methods. The more complex the password is, the more time it will take for a successful attack to happen.
Defense against dictionary attacks: passwords created based on commonly used words or phrases are easier to defeat by dictionary attacks.
Preventing the use of easily guessable passwords: by setting password requirements, you can prevent the use of simple and obvious combinations such as “password” or “123456”.
Security in case of data leakage: in case hashed passwords are leaked due to a security breach, strong passwords make it more difficult to decrypt and use the stolen data.
Compliance with regulations and standards: many security standards (e.g., PCI DSS, HIPAA) require specific password policies to be set. Following these standards provides compliance with security rules and regulations.

Ruby : Access control missing

DerScanner Severity Score