Is my report valid?

A frequent question that I hear from bug bounty hunters is whether their finding is a valid issue and if they should report it. This tool will check the contents of your report against a list of keywords commonly associated with invalid reports and determine whether you should submit your report or not.

Hi team, I observe this behaviour in your website and found poor password complexity forced when registering for an account. Here are the reprdouce steps below. Reproduce steps: 1.Open app.legalrobot-uat.com 2.Open registration form. 3.Fill all the fields but when going for a password write a password like this ''abcdefghijklmn'' 4.And your account was successfully created with this simple type of password and can easily be guessed. Fix Or Reccomendation: According to password policy for choosing a secure and complex password we must consider the following points in password policy: Passwords should use three of four of the following four types of characters: 1.Lowercase 2.Uppercase 3.Numbers 4.Special characters such as !@#$%^&*(){}[] In reproduce steps you can see the password which is ''abcdefghijklmn''. there is no uppercase letter forced,no numbers forced and no special characters forced by your website. If you want to make your password complexity good your should consider these four points in your password field written above. i usually when visit other websites and go for registering an account and when writing a password in password i observe that these password complexity points are forced by the website and you cant make a password like ''abcdefghijklmn'' which can easily guessed by someone. Hope you'll triage this. Thanks
Check

🔥 The Hall of N/A

This is the notorious Hall of N/A — a list of issues that are usually not accepted by bug bounty programs.

Issue type	Description
Network-level Denial of Service (DoS/DDoS) vulnerabilities	Most bug bounty programs, if not all programs, do not want you to disrupt any of their services. On top of that, to be honest with you, if someone really wants to take down a service they will always find a way.
Missing security headers	These low severity issues can easily be detected with tools such as Hardenize and Security Headers.
Content injection	The severity of this issue is so low that it does not warrant a report.
Logout CSRF	In order for CSRF to be a valid issue it must affect some important action such as deleting one's account.
Missing cookie flags on non-security-sensitive cookies	These type of issues do not present a major risk and are usually picked up by scanners.
401 injection	With this issue type it really depends on the program. Check previous reports to the program you plan on reporting 401 injection to and see if they have accepted 401 injection in the past.
Banner grabbing issues (figuring out what web server the company is using)	Without a detailed proof of concept, most programs will not accept these type of reports.