Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Cannot Reproduce
Priority: Neutral
Fix Version/s: None
Affects Version/s: 5.7, 6.1
Component/s: None
Labels:
- maintenance
- security
Environment:
LFRZ

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less
Sprint:
Maintenance 33
Story Points:
1

Description

Magnolia JCRAuthenticationModule implements a check for empty passwords, see

https://git.magnolia-cms.com/projects/PLATFORM/repos/main.pub/browse/magnolia-jaas/src/main/java/info/magnolia/jaas/sp/jcr/JCRAuthenticationModule.java#156

This check is no longer working correctly. It checks for empty strings, but since the change to Hashed/BCrypted passwords, an empty password results in a non-empty hash string, and this check does not catch it.

The check needs to be implemented against the decrypted password.

Checklists

Acceptance criteria

Attachments

Activity

People

Assignee:: Jesus Alonso

Reporter:: Richard Unger

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Jan/20 2:42 PM

Updated:: 17/Nov/20 10:30 AM

Resolved:: 17/Nov/20 10:10 AM

Date of First Response:: 31/Jan/20 1:50 PM

Checklists

Bug DoR

Task DoD