[Koha-bugs] [Bug 19514] New: No Password restrictions in onboarding tool patron creation
bugzilla-daemon at bugs.koha-community.org
Mon Oct 23 13:24:58 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19514
Bug ID: 19514
Summary: No Password restrictions in onboarding tool patron creation
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: ASSIGNED
Severity: critical
Priority: P3
Component: Installation and upgrade (web-based installer)
Assignee: alexbuckley at catalyst.net.nz
Reporter: alexbuckley at catalyst.net.nz
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com
When a superlibrarian user account is created in the onboarding tool there is
no checking of the password other than checking the two inputted password
values are matching.
This means the password length, complexity and if it contains whitespace are not
checked. This means users can enter in weak passwords, causing a security
vulnerability, which is particularly bad in this case because a superlibrarian
user is being created.
--
You are receiving this mail because:
You are watching all bug changes.
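
Added example (not part of the original report and not Koha's code): the match-only check the report describes beside a check that also covers length, complexity and whitespace. The function names, the minimum length of 8, the lowercase/uppercase/digit rule and the choice to reject only leading or trailing whitespace are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed policy value for this example (not taken from Koha's configuration).
my $MIN_LENGTH = 8;

# The behaviour the report describes: only confirm that both inputs match.
# Returns a list of error strings (empty list means accepted).
sub match_only_check {
    my ( $password, $confirmation ) = @_;
    return $password eq $confirmation ? () : ('passwords do not match');
}

# Hardened check: match, minimum length, whitespace at the edges, complexity.
sub policy_check {
    my ( $password, $confirmation ) = @_;
    my @errors = match_only_check( $password, $confirmation );
    push @errors, "shorter than $MIN_LENGTH characters"
        if length($password) < $MIN_LENGTH;
    push @errors, 'leading or trailing whitespace'
        if $password =~ /\A\s|\s\z/;
    push @errors, 'needs a lowercase letter, an uppercase letter and a digit'
        unless $password =~ /[a-z]/ && $password =~ /[A-Z]/ && $password =~ /[0-9]/;
    return @errors;
}

# Constructed sample inputs: [password, confirmation].
my @samples = (
    [ 'a',              'a' ],
    [ ' Passw0rdLong ', ' Passw0rdLong ' ],
    [ 'alllowercase',   'alllowercase' ],
    [ 'Str0ngEnough',   'Str0ngEnough' ],
    [ 'Str0ngEnough',   'Str0ngEnouhg' ],
);

for my $sample (@samples) {
    my ( $pw, $confirm ) = @$sample;
    my @old = match_only_check( $pw, $confirm );
    my @new = policy_check( $pw, $confirm );
    printf "%-16s match-only: %-8s policy: %s\n",
        "'$pw'",
        ( @old ? 'rejected' : 'accepted' ),
        ( @new ? 'rejected (' . join( '; ', @new ) . ')' : 'accepted' );
}
```

The first three samples pass the match-only check and are rejected by the policy check, which is the gap the report describes for the superlibrarian account.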