Andrea Patricelli created SYNCOPE-1337:
------------------------------------------
Summary: Password history policy is not enforced on salted passwords
Key: SYNCOPE-1337
URL: https://issues.apache.org/jira/browse/SYNCOPE-1337
Project: Syncope
Issue Type: Bug
Components: core
Affects Versions: 2.1.0, 2.0.9
Reporter: Andrea Patricelli
Fix For: 2.0.10, 2.1.1
# Define a password policy and set history to a value > 0 (even 1 is good).
# Set the configuration parameter password.cipher.algorithm to a salted
algorithm, for example SSHA512.
# Create a user with a password.
# Try to edit the user (several times if you like, in order to populate the
password history) by changing the password (password management or edit wizard)
to the same value or to a value that you are sure is in the password history (to
trigger the policy). You'll see that the password is updated to the already used
value and the history policy is not triggered.