Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: 11.9
Affects Version/s: 5.4.5
Component/s: Administration, Web - Templates & Resources
Labels:
- security
- usability

Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Pull Request Status:
Pull Request accepted
Similar issues:

Description

Steps to reproduce:
1. Go to Registration page and register a user
2. A validation_message will be displayed ( if the password is to short/ weak, or they don't match)

3. Go to Login page and click "Forgot your password"
4. Write your username and click "Reset password"
5. An email will be sent, go and reset the password by clicking the link in the email
6. The below reset form will be displayed ( add a space in the input an click save)

Results:
In the reset password form :
1. The password is saved even if only contains empty space ( A user could set an invalid password, an insecure one. )
2. No hints below password field are displayed, as for password fields in registration form

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screenshot from 2019-08-08 14-33-27.png
32 kB
08/Aug/19 13:34
Screenshot from 2019-08-08 14-50-49.png
17 kB
08/Aug/19 13:51

Issue Links

duplicates

XWIKI-11310 The password security is different from one page to another and can be skipped

Closed

relates to

XWIKI-16845 Remove check that prevents to use password containing only whitespaces

Closed

Activity

People

Assignee:: Gabriel Răileanu

Reporter:: Camelia Andrei

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Jul/19 12:38

Updated:: 08/Nov/19 15:47

Resolved:: 11/Oct/19 16:04