mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #37702
[Bug 1625361] [NEW] Use password check on /admin/users/edit.php
*** This bug is a security vulnerability ***
Public security bug reported:
When you change your password on your personal account settings page or
via the force password screen, it goes through a password checker to
determine some basic security and length of the password.
These checks are not performed on when changing the password on
/admin/users/edit.php as admin.
For example: I can enter the password "mahara" on that screen, but can't
use it on /account/index.php because it's deemed too simple.
** Affects: mahara
Importance: Medium
Status: Confirmed
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1625361
Title:
Use password check on /admin/users/edit.php
Status in Mahara:
Confirmed
Bug description:
When you change your password on your personal account settings page
or via the force password screen, it goes through a password checker
to determine some basic security and length of the password.
These checks are not performed on when changing the password on
/admin/users/edit.php as admin.
For example: I can enter the password "mahara" on that screen, but
can't use it on /account/index.php because it's deemed too simple.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1625361/+subscriptions
Follow ups