PacketFence
Bug Tracking System
Main | My View | View Issues | Change Log | Roadmap
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001209PacketFenceweb adminpublic2011-04-15 09:442011-10-25 09:01
Reporterobilodeau 
Assigned Toobilodeau 
PrioritynormalSeverityminorReproducibilityrandom
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target Version2.2.0Fixed in Version2.2.0 
Summary0001209: problematic password validation
DescriptionPassword validation on the Web UI is sketchy.

There's an arbitrary length and a regexp validation on the first character that seems unnecessary for a password field never intended to be displayed (no XSS).

Passwords like !12345 currently fails.

Get rid of the validation.
TagsNo tags attached.
fixed in git revision
fixed in mtn revision61d19ed0e299247522c5a47138a25445bcdc7ac1
Attached Files

- Relationships
related to 0001293closedobilodeau Issues with LDAP-based authentication in web administration interface (login.php) 

-  Notes
(0002028)
obilodeau (reporter)
2011-04-15 09:44

 Turns out passwords should be validated at least against nulls since ldap_bind with a null value does an anonymous bind.

- Issue History
Date Modified Username Field Change
2011-04-15 09:44 obilodeau New Issue
2011-04-15 09:44 obilodeau Status new => assigned
2011-04-15 09:44 obilodeau Assigned To => obilodeau
2011-04-15 09:44 obilodeau Note Added: 0002028
2011-04-15 09:55 obilodeau mtn revision => 61d19ed0e299247522c5a47138a25445bcdc7ac1
2011-04-15 09:55 obilodeau Status assigned => resolved
2011-04-15 09:55 obilodeau Fixed in Version => +1
2011-04-15 09:55 obilodeau Resolution open => fixed
2011-05-04 11:32 obilodeau Fixed in Version +1 => 2.2.0
2011-05-04 11:40 obilodeau Status resolved => closed
2011-10-12 15:07 obilodeau Relationship added related to 0001293
2011-10-25 09:01 obilodeau Target Version +1 => 2.2.0

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker