Bug #14277
Password policy enforcement bypass
Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
24/07/2024
Due date:
% Done:
100%
Estimated time:
Browser:
Firefox
Your Silverpeas version:
6.3
Operating system:
Your database:
All
Delivery to TEST:
Delivery to PROD:
Description
When creating an account or changing a password, a request is made to check that the password complies with existing password policies and then a separate request is made to create the account. No check is made to ensure that the password that is tested for compliance with the password policy matches the one that is submitted for account creation, meaning that by manipulating the second request, you could set a password to '1' or a similarly noncomplex password.
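The mitigation for this class of bug is to evaluate the policy inside the handler that stores the password, on the exact value it receives, and to treat the separate compliance check as advisory only. The following Python sketch is an added illustration, not Silverpeas code; the policy rules, function names and in-memory user store are assumptions.

```python
import hashlib
import os
import re

# Hypothetical policy for illustration; not Silverpeas's actual rules.
POLICY = [
    (lambda p: len(p) >= 8, "at least 8 characters"),
    (lambda p: re.search(r"[a-z]", p), "a lowercase letter"),
    (lambda p: re.search(r"[A-Z]", p), "an uppercase letter"),
    (lambda p: re.search(r"\d", p), "a digit"),
]

class PolicyViolation(ValueError):
    pass

def check_password(password):
    """Advisory check (the first request): returns the list of unmet rules."""
    return [msg for rule, msg in POLICY if not rule(password)]

def _store(users, login, password):
    # Salted PBKDF2 so the sketch does not model plaintext storage.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    users[login] = (salt, digest)

def create_account_vulnerable(users, login, password):
    """Second request as reported: stores whatever arrives, trusting the earlier check."""
    _store(users, login, password)

def create_account_hardened(users, login, password):
    """Re-evaluates the policy on the exact value being stored."""
    unmet = check_password(password)
    if unmet:
        raise PolicyViolation("password must contain: " + ", ".join(unmet))
    _store(users, login, password)

def demo():
    """Constructed sequence: a compliant value is checked, a different one is submitted."""
    users = {}
    checked_ok = check_password("Str0ngEnough") == []
    create_account_vulnerable(users, "alice", "1")   # accepted: policy never re-applied
    try:
        create_account_hardened(users, "bob", "1")
        rejected = False
    except PolicyViolation:
        rejected = True                              # rejected at the point of storage
    return checked_ok, "alice" in users, rejected, "bob" in users
```

The same enforcement belongs in every code path that writes a password (account creation, password change, administrative reset), so that no path depends on an earlier request having been made.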