Bug #14277

Closed

Password policy enforcement bypass

Added by Nate McGraw 5 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: -
Start date: 24/07/2024
Due date:
% Done: 100%
Estimated time:
Browser: Firefox
Your Silverpeas version: 6.3
Operating system:
Your database: All
Delivery to TEST:
Delivery to PROD:

Description

When creating an account or changing a password, a request is made to check that the password complies with existing password policies, and then a separate request is made to create the account. No check is made to ensure that the password that is tested for compliance with the password policy matches the one that is submitted for account creation, meaning that by manipulating the second request, you could set a password to '1' or a similarly noncomplex password.
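
The flow described above, modelled as an added example (not Silverpeas code and not part of the original report). The policy rules, `AccountService` and every other name are assumptions; `enforce_on_write=False` reproduces the reported behaviour, and `True` re-validates the password that is actually submitted for storage.

```python
import hashlib
import os
import re

# Constructed policy for this example; the report does not list the real rules.
RULES = {
    "at least 8 characters": lambda p: len(p) >= 8,
    "an uppercase letter": lambda p: re.search(r"[A-Z]", p) is not None,
    "a digit": lambda p: re.search(r"\d", p) is not None,
}

def policy_errors(password):
    """Return the names of the rules the password fails (empty means compliant)."""
    return [name for name, ok in RULES.items() if not ok(password)]

class PolicyViolation(ValueError):
    """Raised when a password is rejected on the write path."""

class AccountService:
    """Hypothetical server side of the two-request flow described in the report."""

    def __init__(self, enforce_on_write):
        self.enforce_on_write = enforce_on_write
        self.credentials = {}  # login -> (salt, PBKDF2 digest)

    def check_password(self, password):
        # Request 1: advisory feedback for the form; nothing is remembered.
        return policy_errors(password)

    def _set_password(self, login, password):
        # Single write path (account creation and password change both end
        # here): validate the value that is actually stored.
        if self.enforce_on_write and (errors := policy_errors(password)):
            raise PolicyViolation("password needs: " + ", ".join(errors))
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.credentials[login] = (salt, digest)

    def create_account(self, login, password):
        # Request 2: must not assume request 1 saw the same password.
        self._set_password(login, password)

def mismatched_flow_accepted(service, login="alice"):
    """Check a compliant password, then submit '1' (the report's example)."""
    assert service.check_password("Str0ngEnough") == []
    try:
        service.create_account(login, "1")
    except PolicyViolation:
        return False
    return True
```

`mismatched_flow_accepted` serves as a regression test: it must return `False` for any build in which the policy is enforced on the write request.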
