Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-5164

Honor minimum and maximum password length in generated passwords as much as possible.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.RC3
    • Fix Version/s: 3.0.8-RC1
    • Labels:
      None
    • Environment:
      PHP Environment: 5.2.3
      Database: MySQL 4.1.22

      Description

      if you are requesting a new password by sendpassword the generated password dose not follow the password complexity and password length from the ACP. It is all the time 8 Characters long and only includes Numbers and capitals. At no time the system buts in Symbols. So by sending password you can escape from the security right lines!

        Issue Links

          Activity

          Hide
          Acyd Burn Meik Sievertsen [X] (Inactive) added a comment -

          I do not see an issue here. I do not think we are changing (or adhering to) the complexity, though may create a "maximum length" password.

          Show
          Acyd Burn Meik Sievertsen [X] (Inactive) added a comment - I do not see an issue here. I do not think we are changing (or adhering to) the complexity, though may create a "maximum length" password.
          Show
          bantu Andreas Fischer added a comment - Doesn't look like this has been fixed. http://code.phpbb.com/repositories/annotate/phpbb/branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_remind.php#L78

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              lateiner lateiner
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development