Bug 1379702
Opened 7 years ago
Closed 6 years ago
No length defined ( For Setting Password )
Categories: bugzilla.mozilla.org :: Extensions, defect
Status: RESOLVED FIXED
People: Reporter: rajauzair926, Unassigned
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170628075643

Steps to reproduce:
I just set up a password with a length of 110600 chars.

Actual results:
This will take more space than ordinary passwords on the Mozilla server side.

Expected results:
This could lead to taking more space on the Mozilla server side and could lead to denial of service while validating the password char by char.
Comment 1•7 years ago (Reporter)
It's a missing best practice vulnerability (with limited impact).
Moving to security while asking for review.
Group: bugzilla-security
Flags: sec-review?(dveditz)
Flags: sec-bounty?
Comment 3•7 years ago
Passwords are hashed, it doesn't matter how long they are. The password being huge is not appreciably different than any other field being very big, so in theory the request would be huge.
Flags: sec-review?(dveditz) → needinfo?(jclaudius)
Comment 4•7 years ago
This is a dupe of something, I'll figure it out in the morning. Or maybe someone else can.
Group: bugzilla-security
Comment 5•7 years ago
This does not appear to be a security related bug to me. I believe dylan has this nailed down with comment 3.
Flags: needinfo?(jclaudius)
Comment 6•7 years ago (Reporter)
I know, I just found a missing best practice bug, as I mentioned in comment 1.
Updated•7 years ago
Flags: sec-bounty? → sec-bounty-
Comment 7•6 years ago
passwdqc now enforces some very large maximum.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
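A length gate of the kind comment 7 describes, written here as an added example; it is not code from Bugzilla or passwdqc. The limits `MIN_LEN` and `MAX_BYTES`, the iteration count, the use of PBKDF2 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed values for illustration; the thread only says "some very large maximum".
MIN_LEN = 8
MAX_BYTES = 4096
ITERATIONS = 100_000


class PasswordLengthError(ValueError):
    """Raised when a password is outside the accepted length bounds."""


def encode_capped(password):
    """Return the UTF-8 bytes of password, refusing oversized input before hashing."""
    # A string longer than MAX_BYTES characters cannot encode to fewer bytes,
    # so reject it without encoding it first.
    if len(password) > MAX_BYTES:
        raise PasswordLengthError("password too long")
    raw = password.encode("utf-8")
    # Multi-byte characters can still push the byte length over the cap.
    if len(raw) > MAX_BYTES:
        raise PasswordLengthError("password too long")
    return raw


def set_password(password):
    """Validate length, then return (salt, hash) for storage."""
    raw = encode_capped(password)
    if len(password) < MIN_LEN:
        raise PasswordLengthError("password too short")
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)


def verify_password(password, salt, stored):
    """Check a login attempt; oversized input is rejected without hashing."""
    # Only the maximum applies here: nothing over the cap was ever stored,
    # and applying the minimum would lock out accounts that predate it.
    try:
        raw = encode_capped(password)
    except PasswordLengthError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)
```

The cap is applied on both the set and the verify path, so a 110600-character submission like the one in the report is turned away at either endpoint before any key-derivation work is spent on it.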
Comment 8•6 years ago
Any HOF chances? I had reported XSS stored but marked as self and too given HOF
Comment 9•6 years ago
rajauzairabdullah: Not in this case, we don't assess any security impact to the site or its users as a result of this. Thanks for asking though.
Updated•5 years ago
Component: Extensions: UserProfile → Extensions