[Tickets #12708] Password strength tests should be case insensitive
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Sep 25 18:04:50 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12708
------------------------------------------------------------------------------
Ticket | 12708
Created By | delrio at mie.utoronto.ca
Summary | Password strength tests should be case insensitive
Queue | Passwd
Version | 5.0.1
Type | Enhancement
State | New
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
delrio at mie.utoronto.ca (2013-09-25 18:04) wrote:
Simple capitalization of password (e.g. "UserName") passes the
similarity strength test.
A case insensitive test would make the test more effective.
--- Horde/Auth.php.orig
+++ Horde/Auth.php
@@ -437,7 +437,7 @@
// Check for percentages similarity also. This will catch
very simple
// Things like "password" -> "password2" or "xpasssword"...
foreach ($dict as $test) {
- similar_text($password, $test, $percent);
+ similar_text(strtolower($password), strtolower($test), $percent);
if ($percent > $max) {
throw new
Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too
simple to guess."));
}
More information about the bugs
mailing list