Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 10.7, 10.8, 10.9
-
Component/s: Plugins
-
Labels:None
Description
password_reuse_check plugin cannot distinguish between username "foo" and password "bar" and username "foob" and password "ar".
To fix that, the string length can be added to the buffer first. Like:
int4store(buff, hostname->length);
|
memcpy(buff+4, hostname->str, hostname->length); |
Attachments
Issue Links
- is caused by
-
MDEV-9245 password "reuse prevention" validation plugin
-
- Closed
-
- relates to
-
MDEV-28234 Change maturity of plugins for July 2022 Releases
-
- Closed
-