Opened 7 years ago
Last modified 7 years ago
#28881 closed Cleanup/optimization
Common password validator does not handle case correctly — at Initial Version
Reported by: | Nick Farrell | Owned by: | nobody |
---|---|---|---|
Component: | Documentation | Version: | 2.0 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The CommonPasswordValidator holds a set of common passwords in memory, after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing to the set. However, the reference set was not converted to lowercase.
This is not a problem when using the default set of common passwords, as they have been preprocessed to be lowercase. However, there is nothing in the documentation indicating this preprocessing should occur.
Note:
See TracTickets
for help on using tickets.