[MDEV-28838] password_reuse_check plugin mixes username and password - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.7(EOL), 10.8(EOL), 10.9(EOL)
Fix Version/s: 10.7.5, 10.8.4, 10.9.2
Component/s: Plugins
Labels:
None

Description

password_reuse_check plugin cannot distinguish between username "foo" and password "bar" and username "foob" and password "ar".

To fix that, the string length can be added to the buffer first. Like:

  int4store(buff, hostname->length);

  memcpy(buff+4, hostname->str, hostname->length);

Attachments

Issue Links

is caused by

MDEV-9245 password "reuse prevention" validation plugin

Closed

relates to

MDEV-28234 Change maturity of plugins for July 2022 Releases

Closed

Activity

Transition	Time In Source Status	Execution Times

Sergei Golubchik made transition - 2022-06-14 10:30

Open

Confirmed

Oleksandr Byelkin made transition - 2022-06-29 11:53

Confirmed

In Progress

15d 1h 23m

Oleksandr Byelkin made transition - 2022-07-05 08:28

Stalled

In Progress

13h 31m

Oleksandr Byelkin made transition - 2022-07-05 10:44

In Progress

In Review

6h 15m

Sergei Golubchik made transition - 2022-07-05 20:27

In Review

Stalled

5d 12h 47m

Oleksandr Byelkin made transition - 2022-07-06 12:21

Stalled

Closed

15h 54m

People

Assignee:: Oleksandr Byelkin

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-06-14 10:30

Updated:: 2025-03-11 17:03

Resolved:: 2022-07-06 12:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration