fabio martelli created SYNCOPE-928:
--------------------------------------
Summary: Table that stores user passwords stores duplicate entries
Key: SYNCOPE-928
URL: https://issues.apache.org/jira/browse/SYNCOPE-928
Project: Syncope
Issue Type: Bug
Components: core
Affects Versions: 2.0.0-M4, 1.2.8, 1.1.8
Reporter: fabio martelli
Assignee: fabio martelli
Fix For: 1.1.9, 1.2.9, 2.0.0-M5
A potential security issue has been identified on the mailing list:
http://syncope-dev.1063484.n5.nabble.com/Syncope-Password-History-Question-td5720367.html
Essentially, the table that stores user passwords is storing duplicate
entries. So if you have a policy that mandates that a user can only change
to his/her original password after, say, 8 resets, then the user will be able
to do so in 5 instead.
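The effect described in the issue, as an added example that is not Syncope code: a bounded password-history table in which duplicate rows use up slots, so the original password leaves the window after 5 resets instead of 8. The class and function names are hypothetical, and because the issue does not say what writes the duplicate rows, the trigger here (the same value recorded twice after resets 1, 2 and 3) is an assumption.

```python
import hashlib
from collections import deque

HISTORY_LENGTH = 8  # policy from the issue: original reusable only after 8 resets


def digest(password):
    # Stand-in for the stored password value; only equality matters here.
    return hashlib.sha256(password.encode()).hexdigest()


class PasswordHistory:
    """Bounded history table; the oldest row is evicted when it is full."""

    def __init__(self, length, dedupe):
        self.rows = deque(maxlen=length)
        self.dedupe = dedupe

    def record(self, password):
        value = digest(password)
        # Hardened behaviour: never store the same value twice in a row.
        if self.dedupe and self.rows and self.rows[-1] == value:
            return
        self.rows.append(value)

    def is_reuse(self, password):
        return digest(password) in self.rows


def simulate(length, dedupe, duplicate_after=frozenset()):
    """Return (resets needed before the original is accepted, final history)."""
    history = PasswordHistory(length, dedupe)
    history.record("original")
    resets = 0
    while history.is_reuse("original"):
        resets += 1
        password = f"password-{resets}"  # constructed sample values
        history.record(password)
        if resets in duplicate_after:
            history.record(password)  # assumed trigger: same value written again
    return resets, history


def wasted_slots(history):
    # Audit check: rows that repeat a value already present in the window.
    return len(history.rows) - len(set(history.rows))


if __name__ == "__main__":
    for dedupe in (False, True):
        resets, history = simulate(HISTORY_LENGTH, dedupe, {1, 2, 3})
        print(f"dedupe={dedupe}: reusable after {resets} resets, "
              f"{wasted_slots(history)} wasted slots")
```

Running the `wasted_slots` count against an export of a real history table shows how many resets short of the policy the effective window is.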