Run #14 — Full Report
http://localhost:8088
Suites: ai | Status: done | 2026-02-23 09:08:11 UTC
⚠ Vulnerabilities Found (3)
MEDIUM
Auth Registration Failure
Registration returned HTTP 422
Fix: Check v2.0 DB connection and user creation logic
MEDIUM
Weak Password Policy
4 weak passwords accepted
Fix: Enforce min 12 chars, uppercase, number, special char
LOW
User Enumeration
Different error messages reveal email validity
Fix: Use generic 'Invalid credentials' for all auth failures
Ai (5 pass / 1 fail / 10 total)
v2_detection
v2.0 auth endpoints detected on target - AI tests will run fully
5ms
ollama_reachable
AI analysis field in response (10865ms) - Ollama connected
10864ms
v2_register
Registration failed (HTTP 422)
30ms
weak_password
Only 0/4 weak passwords rejected
12ms
dupe_email
Duplicate email returned HTTP 422 (expected 400/409)
7ms
wrong_password
Invalid credentials rejected (HTTP 422)
10ms
jwt_manipulation
'none' algorithm JWT rejected (401/403)
4ms
ai_typosquatting
AI caught 1/3 typosquatting URLs
2530ms
scan_performance
v2.0 scan completed in 151ms
152ms
user_enum
Different messages: valid='[{'type': 'value_error', 'loc': ['body', 'email'], 'msg': 'value is not a valid email address: The part after the @-sign is a special-use or reserved name that cannot be used with email.', 'input': '[email protected]', 'ctx': {'reason': 'The part after the @-sign is a special-use or reserved name that cannot be used with email.'}}]' vs invalid='[{'type': 'value_error', 'loc': ['body', 'email'], 'msg': 'value is not a valid email address: The part after the @-sign is a special-use or reserved name that cannot be used with email.', 'input': '[email protected]', 'ctx': {'reason': 'The part after the @-sign is a special-use or reserved name that cannot be used with email.'}}]'
7ms