[MDEV-28838] password_reuse_check plugin mixes username and password - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.7, 10.8, 10.9
Fix Version/s: 10.7.5, 10.8.4, 10.9.2
Component/s: Plugins
Labels:
None

Description

password_reuse_check plugin cannot distinguish between username "foo" and password "bar" and username "foob" and password "ar".

To fix that, the string length can be added to the buffer first. Like:

  int4store(buff, hostname->length);

  memcpy(buff+4, hostname->str, hostname->length);

Attachments

Issue Links

is caused by

MDEV-9245 password "reuse prevention" validation plugin

Closed

relates to

MDEV-28234 Change maturity of plugins for July 2022 Releases

Closed

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-06-14 10:30

Updated:: 2022-11-10 10:00

Resolved:: 2022-07-06 12:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.