Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28838

password_reuse_check plugin mixes username and password

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 10.7(EOL), 10.8(EOL), 10.9(EOL)
    • 10.7.5, 10.8.4, 10.9.2
    • Plugins
    • None

    Description

      password_reuse_check plugin cannot distinguish between username "foo" and password "bar" and username "foob" and password "ar".

      To fix that, the string length can be added to the buffer first. Like:

        int4store(buff, hostname->length);
      		 
        memcpy(buff+4, hostname->str, hostname->length);

      Attachments

        Issue Links

          is caused by

          Task - A task that needs to be done. MDEV-9245 password "reuse prevention" validation plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Task - A task that needs to be done. MDEV-28234 Change maturity of plugins for July 2022 Releases

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              sanja Oleksandr Byelkin
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.