Project

General

Profile

Actions

Task #1528

closed

Task #1503: Testing of the product (9.4.0)

Some special characters not accepted as part of a password

Added by milus kotisova about 5 years ago. Updated about 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
milus kotisova
Category:
Password policy
Target version:
-
Start date:
02/21/2019
Due date:
% Done:

0%

Estimated time:
Owner:

Description

TC 95: Password policy: verifying a valid password according to the newly set rules
https://kiwi.czechidm.com/case/95/

@affected version 9.4.0

Although perfectly in line with the set policy (no special characters forbidden) - see screenshot,
none of these passwords are accepted:
PYM32p (7) (an.jed)
PYM32p
(7)
PYM*32p (7)
!#$HOPq00 (10)
$HOPq00!
# (10)
HOPq00!@#$ (10)
$KUKu22 (7) (ba.jed)
%QXYa10 (7) (ca.jed)

The issue is most likely that some special characters, since the following password is evaluated as valid:
%HOP00c (user an.jed)

Or could it be that - in an analogy to 2 failed login attempts - after two FAILED pwd change attempts, the system no longer lets me change my password no matter what? What makes me think that? I tried to use the same successful valid psw from one user (an.jed) with another user (ba.jed), but after several failed attempts. And IDM didn't accept it this time.

It is important to note here that I started with negative testing, i.e. non-valid passwords.

The two issues could also be combined, as the very first valid attempt with yet another user - ca.jed - was rejected as well - %QXYa10 (7) (ca.jed)


Files

policy.png (17 KB) policy.png milus kotisova, 02/21/2019 08:59 AM
no_forbidden_char.png (23.6 KB) no_forbidden_char.png milus kotisova, 02/21/2019 08:59 AM
message.png (60.1 KB) message.png milus kotisova, 02/21/2019 08:59 AM
Actions #1

Updated by Radek Tomiška about 5 years ago

  • Assignee changed from Vít Švanda to Ondřej Kopr
Actions #2

Updated by Ondřej Kopr about 5 years ago

  • Status changed from New to In Progress
Actions #3

Updated by milus kotisova about 5 years ago

  • Tracker changed from Defect to Task
  • Status changed from In Progress to Closed
  • Assignee changed from Ondřej Kopr to milus kotisova

The issue was caused by Firefox, remembering one unrelated password that seemed to pre-fill the "old password" field.

Solution: The wording above the 3 fields (old and new passwords) will be changed to a clearer instruction: "Please enter..."

Actions #4

Updated by Radek Tomiška about 5 years ago

  • Status changed from Closed to Rejected
Actions

Also available in: Atom PDF