Ticket #110 (closed defect: wontfix)

Opened 7 years ago

Last modified 7 years ago

Sponsorship - Given password which ends with charater / and doesn't work

Reported by: pjoulaud Owned by:
Priority: major Milestone: openPLM-1.1 Official Release
Component: models & controllers Version:
Keywords: Cc:

Description

One guy received e-mail with a password which ends with character /
He copied and pasted the username and password. He tried to login without success.
I looked at password and found a / at the end.
I deleted this character and could login.

Attachments

e_mail_sponsor.txt Download (345 bytes) - added by pjoulaud 7 years ago.

Change History

comment:1 in reply to: ↑ description Changed 7 years ago by pjoulaud

I attach an extract of the e-mail.

Changed 7 years ago by pjoulaud

comment:2 Changed 7 years ago by pcosquer

  • Status changed from new to closed
  • Resolution set to wontfix

Hi,

I've tested setting a password with a lot of special characters and it works.

It is possible that another sponsoring mail was sent and the password was reset.
Another possibility is that a space character or a new line was accidentally pasted.

Removing a character changes completely the password since a salt hashed is stored,
not the password. So it is normal that the user can login if you removed the "/".

I'm closing this ticket as I can not reproduced it and it is certainly an user manipulation error.

Regards,
Pierre

Note: See TracTickets for help on using tickets.