Uploaded image for project: 'Magnolia DX Core'
  1. Magnolia DX Core
  2. MGNLEE-594

Empty password check no longer works

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Neutral Neutral
    • None
    • 5.7, 6.1
    • None
    • LFRZ
    • Maintenance 33
    • 1

      Magnolia JCRAuthenticationModule implements a check for empty passwords, see

      https://git.magnolia-cms.com/projects/PLATFORM/repos/main.pub/browse/magnolia-jaas/src/main/java/info/magnolia/jaas/sp/jcr/JCRAuthenticationModule.java#156

      This check is no longer working correctly. It checks for empty strings, but since the change to Hashed/BCrypted passwords, an empty password results in a non-empty hash string, and this check does not catch it.

      The check needs to be implemented against the decrypted password.

        Acceptance criteria

              jalonso Jesus Alonso
              runger Richard Unger
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD