Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.0.RC3
-
None
-
PHP Environment: 5.2.3
Database: MySQL 4.1.22
Description
if you are requesting a new password by sendpassword the generated password dose not follow the password complexity and password length from the ACP. It is all the time 8 Characters long and only includes Numbers and capitals. At no time the system buts in Symbols. So by sending password you can escape from the security right lines!
Attachments
Issue Links
- is related to
-
PHPBB3-9611 Increase entropy in activation keys
- Unverified Fix
-
PHPBB3-9612 Split gen_rand_string() into gen_rand_string() and gen_rand_string_friendly()
- Unverified Fix