[MGNLUI-6410] Users can be created with empty passwords Created: 10/Jan/20  Updated: 25/Nov/20  Resolved: 24/Nov/20

Status: Closed
Project: Magnolia UI
Component/s: None
Affects Version/s: 5.6, 5.7, 6.1
Fix Version/s: 5.7.9, 6.2.5

Type: Bug Priority: Neutral
Reporter: Richard Unger Assignee: Jesus Alonso
Resolution: Fixed Votes: 0
Labels: maintenance, security, security-app
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

LFRZ


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Sprint: Maintenance 33, Maintenance 34
Story Points: 2

 Description   

The security app checks for empty passwords and prevents them when editing users, but not when creating a new user. In this way users can be created without a password.

Combined with the other bug I just reported (MGNLEE-594), this means that users created in this way can then log in with no password.

Please add the empty password check also on user creation.


Generated at Mon Feb 12 09:36:10 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.