Summary:
User passwords appear to be silently truncated when updated in admin module
Detailed Description:
I am using version 1.11.5, and ran into a problem when resetting passwords for
users on the site. I was attempting to set long passwords based on several
random words. The admin module accepted the password update, but I was unable
to log in using the new password.
After a bit of investigation, it appears that the admin module is silently
truncating the entered password to 25 characters (so when I attempted to log in
with the longer password I thought I had set, it was not recognised).
Validation and an appropriate maximum password size warning should be added to
the admin module to ensure that users can only enter a maximum of 25 characters,
and don't end up unwittingly setting passwords that are different from the value
they entered in the password field.
Could you also consider increasing the maximum password size, because using
several conventional words separated by spaces is a valid strategy for creating
long, secure passwords that are also easy to remember?
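
A minimal model of the mismatch reported above, added here as an illustration; it is not the application's own code. The class and method names, the PBKDF2 hashing and the sample passphrase are assumptions; only the 25-character limit comes from the report.

```python
import hashlib
import hmac
import os

MAX_LEN = 25  # limit observed in the report; every other name here is hypothetical


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed hashing scheme, chosen only so the example is self-contained.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class UserStore:
    def __init__(self):
        self._users = {}

    def _store(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt))

    def set_password_truncating(self, user: str, password: str) -> None:
        # Behaviour described in the report: input is cut to MAX_LEN with no notice.
        self._store(user, password[:MAX_LEN])

    def set_password_validating(self, user: str, password: str) -> None:
        # Requested behaviour: refuse over-long input instead of altering it.
        if len(password) > MAX_LEN:
            raise ValueError(f"password must be at most {MAX_LEN} characters")
        self._store(user, password)

    def login(self, user: str, password: str) -> bool:
        # The login path hashes exactly what was typed (no truncation).
        salt, digest = self._users[user]
        return hmac.compare_digest(digest, _hash(password, salt))


def demo():
    store = UserStore()
    passphrase = "correct horse battery staple again"  # constructed sample, 34 chars
    store.set_password_truncating("alice", passphrase)
    full_ok = store.login("alice", passphrase)            # what the admin typed
    cut_ok = store.login("alice", passphrase[:MAX_LEN])   # what was actually stored
    try:
        store.set_password_validating("alice", passphrase)
        rejected = False
    except ValueError:
        rejected = True
    return full_ok, cut_ok, rejected
```

`demo()` shows the full passphrase failing at login, its first 25 characters succeeding, and the validating setter rejecting the over-long input up front.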