[ https://issues.apache.org/jira/browse/SYNCOPE-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091204#comment-18091204 ]

ASF subversion and git services commented on SYNCOPE-1979:
----------------------------------------------------------

Commit 769916b322b4184734c8f8630ebdd914d2bf8d65 in syncope's branch 
refs/heads/master from Andrea Patricelli
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=769916b322 ]

[SYNCOPE-1979] check also for not permitted words and schemas as substrings in 
default password rule (#1432)

> Password policy control over not permitted schemas and words does not work on 
> substrings 
> -----------------------------------------------------------------------------------------
>
>                 Key: SYNCOPE-1979
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1979
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 4.1.1
>            Reporter: Andrea Patricelli
>            Assignee: Andrea Patricelli
>            Priority: Major
>             Fix For: 4.1.2, 5.0.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> # Log in to the console as admin user and define a new password policy with not 
> permitted words, say "notpermitted1" and "notpermitted2", and not permitted 
> schemas, say "firstname", and assign it to the root realm.
> # Pick one user (e.g. bellini in the sample environment) and set the 
> password to some string containing "notpermitted1", e.g. 
> "Notpermitted12345!", or the firstname of the user, e.g. "Bellini12345!".
> # The password is going to be validated successfully and the update passes, though 
> it should fail because the password contains (ignoring case) not permitted 
> words or schemas.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
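
The difference the issue describes, as an added stand-alone example (not Syncope's code and not the committed fix). It assumes the pre-fix rule rejected a password only when the whole password equalled a not permitted value; the class, method and variable names are hypothetical, and the sample values come from the reproduction steps.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class NotPermittedCheck {

    // Assumed pre-fix behaviour: only a whole-password match is rejected.
    static boolean rejectedByExactMatch(String password, List<String> banned) {
        return banned.stream().anyMatch(password::equalsIgnoreCase);
    }

    // Behaviour the issue asks for: reject when a banned value occurs anywhere
    // in the password, ignoring case.
    static boolean rejectedBySubstring(String password, List<String> banned) {
        String pw = password.toLowerCase(Locale.ROOT);
        return banned.stream()
                // skip null/blank values: an empty string is contained in every password
                .filter(v -> v != null && !v.isBlank())
                .map(v -> v.toLowerCase(Locale.ROOT))
                .anyMatch(pw::contains);
    }

    public static void main(String[] args) {
        // Constructed policy and user data, mirroring the report.
        List<String> words = List.of("notpermitted1", "notpermitted2");
        List<String> schemas = List.of("firstname");
        Map<String, String> userAttrs = Map.of("firstname", "Bellini"); // hypothetical attribute store

        // Banned values = configured words + the user's values for the configured schemas.
        List<String> banned = new ArrayList<>(words);
        for (String schema : schemas) {
            String value = userAttrs.get(schema);
            if (value != null) {
                banned.add(value);
            }
        }

        // The two passwords from the report, one exact match, one unrelated password.
        for (String pw : List.of("Notpermitted12345!", "Bellini12345!", "notpermitted1", "Xk9#vQ2m!tL")) {
            System.out.printf("%-20s exactMatchRejects=%-5b substringRejects=%b%n",
                    pw, rejectedByExactMatch(pw, banned), rejectedBySubstring(pw, banned));
        }
    }
}
```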
