Actions
Defect #1459
closedEnhanced control - cannot set password starting with *, username similarity doesn't work
Status:
Rejected
Priority:
Normal
Assignee:
Ondřej Kopr
Category:
Password policy
Target version:
Start date:
01/21/2019
Due date:
% Done:
0%
Estimated time:
Affected versions:
Owner:
Description
Affected version: 9.3.3
When Enhanced control in password policy for validation is enabled and you we try to change password to "*demo1234", we get Server error.
Error in the log:
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 6 (?i).**demo1234.* ^ at java.util.regex.Pattern.error(Pattern.java:1957)
Also, if you try to use the password "abecedau1234*" for user "abecedau", the password passes the control, even if username is not enabled in the password.
And if you try to use the password "........", it "matches" all user attributes:
Files
Related issues
Updated by Ondřej Kopr about 5 years ago
- Related to Defect #1407: Control of personal attributes in password policy doesn't work added
Updated by Ondřej Kopr about 5 years ago
- Status changed from New to Rejected
This is solved in version 9.4.0-rc.1 See ticket #1407. It is same problem as second case.
Actions