Opened 7 years ago

Last modified 7 years ago

#28881 closed Cleanup/optimization

Common password validator does not handle case correctly — at Version 1

Reported by: Nick Farrell Owned by: nobody
Component: Documentation Version: 2.0
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Nick Farrell)

The CommonPasswordValidator holds a set of common passwords in memory, after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing to the set. However, the reference set was not converted to lowercase.

This is not a problem when using the default set of common passwords, as they have been preprocessed to be lowercase. However, there is nothing in the documentation indicating this preprocessing should occur.

https://github.com/django/django/pull/9414

Change History (1)

comment:1 by Nick Farrell, 7 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top