# CVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows a user to bypass the password complexity requirements. The complexity check and the account update are performed by two separate requests, and only the first one validates the password.

## Writeup

(Screenshot: logging in with a single-character password)

When a user changes their password, the new password is first sent in a POST request to an endpoint whose only job is to check that it complies with the configured complexity requirements.

(Screenshot: request to check conformity)

Once Silverpeas has confirmed that the password meets the requirements, the client sends a second, separate POST request to update the account. That update endpoint performs no complexity check of its own and stores whatever password it receives, so a user who skips the first request and submits the update request directly with a password of their choosing can set a single-character password. The complexity policy is therefore only enforced by the client-side sequence of requests, not by the server on the request that actually changes the password.

(Screenshot: request to update account)

(Screenshot: account update confirmation)
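The following is an added, constructed model of the two-request flow described above; it is not Silverpeas code. The endpoint names (`post_check_conformity`, `post_update_account`), the password policy values and the user names are assumptions made for the example. It shows why separating the check from the update is the flaw (the update endpoint trusts that the client already called the check) and what the fix looks like: the update endpoint re-runs the same policy server-side, so skipping the check request no longer helps.

```python
import re

# Policy values below are assumptions for this example; they are not Silverpeas'
# actual complexity rules.
MIN_LENGTH = 8
REQUIRED_CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def check_conformity(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password conforms."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    return problems


class VulnerableServer:
    """Two independent endpoints, as the writeup describes: the check endpoint
    validates, the update endpoint trusts that the client already called it."""

    def __init__(self) -> None:
        self.passwords: dict[str, str] = {}

    def post_check_conformity(self, password: str) -> dict:
        problems = check_conformity(password)
        return {"conforms": not problems, "errors": problems}

    def post_update_account(self, user: str, password: str) -> dict:
        # No validation here: this is the flaw. Any password is stored as-is.
        self.passwords[user] = password
        return {"updated": True, "errors": []}


class HardenedServer(VulnerableServer):
    """Same API, but the update endpoint re-runs the policy server-side, so the
    outcome no longer depends on whether the client called the check endpoint."""

    def post_update_account(self, user: str, password: str) -> dict:
        problems = check_conformity(password)
        if problems:
            return {"updated": False, "errors": problems}
        return super().post_update_account(user, password)


def browser_flow(server: VulnerableServer, user: str, password: str) -> dict:
    """The legitimate front-end sequence: check first, update only on success."""
    check = server.post_check_conformity(password)
    if not check["conforms"]:
        return {"updated": False, "errors": check["errors"]}
    return server.post_update_account(user, password)


def direct_update_flow(server: VulnerableServer, user: str, password: str) -> dict:
    """The bypass: skip the check request and call the update endpoint directly."""
    return server.post_update_account(user, password)


if __name__ == "__main__":
    for cls in (VulnerableServer, HardenedServer):
        srv = cls()
        print(cls.__name__, "browser flow with 'a':", browser_flow(srv, "alice", "a"))
        print(cls.__name__, "direct update with 'a':", direct_update_flow(srv, "alice", "a"))
```

Against `VulnerableServer`, the browser flow rejects `"a"` but the direct update accepts it, reproducing the behaviour in the screenshots; against `HardenedServer`, both paths reject it. The general rule the example illustrates is that a pre-flight validation endpoint is a usability feature only, and the request that performs the state change must validate its own input.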