Serious issue with database login, a user may log in with a fictional password that begins with the actual password for the database [CORE3933] #4266
Comments
|
Commented by: @WarmBooter Up to FB 2.5.x, only the first 8 chars of the password are used. Afair, FB 3 will raise this limit to 32 chars. |
Modified by: Sean Leyne (seanleyne)status: Open [ 1 ] => Resolved [ 5 ] resolution: Duplicate [ 3 ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pavel-zotovQA Status: No test |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: jaymie.phillips (jaymie.phillips1)
Duplicates CORE1898
The user is able to log in with a paswword that is an extended version of the password used for the database.
example:
if the password for the database is := masterkey then
the user is able to log in with a password of := masterkeythisisthepasswordrighthere
providing the username matches
this is however does not appear to apply to the username field
The text was updated successfully, but these errors were encountered: