Opened 7 years ago

Last modified 7 years ago

#28881 closed Cleanup/optimization

Common password validator does not handle case correctly — at Initial Version

Reported by: Nick Farrell Owned by: nobody
Component: Documentation Version: 2.0
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The CommonPasswordValidator holds a set of common passwords in memory, after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing to the set. However, the reference set was not converted to lowercase.

This is not a problem when using the default set of common passwords, as they have been preprocessed to be lowercase. However, there is nothing in the documentation indicating this preprocessing should occur.

Change History (0)

Note: See TracTickets for help on using tickets.
Back to Top