|
Title: Proxy password issue / bug ? Post by: sjarman on Saturday 15 November 2008, 01:20:31 am Hi, new user here. Great package.
Issue as follows : Am using community edition, local http proxy authentication, to police web access. Works great thanks :) However, I observe that some passwords are checked in a weak fashion. We have min pwd length 6. The example where this was spotted first is as follows : Username :- User13 Password :- unlucky-digit This user reported that using the password unlucky-number also granted access through the proxy. versions involved - this was identified on 2.2rc2, I have since done a backup and restored on to 2.2rc3 and the issue persists. My investigation has found that anything beyond the dash (-) is ignored, e.g the above user can get on with "unlucky-fruitcake" or even just plain "unlucky-" I'm not sure if this is a but or just a documentation issue, but I could not find it anywhere in the help or on here. Any thoughts ? |