Opened 6 years ago
Last modified 6 years ago
#28881 closed Cleanup/optimization
Common password validator does not handle case correctly — at Version 1
| Reported by: | Nick Farrell | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 2.0 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The CommonPasswordValidator holds a set of common passwords in memory, after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing to the set. However, the reference set was not converted to lowercase.
This is not a problem when using the default set of common passwords, as they have been preprocessed to be lowercase. However, there is nothing in the documentation indicating this preprocessing should occur.
Note:
See TracTickets
for help on using tickets.