User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170628075643

Steps to reproduce:
I just set up a password with a length of 110600 chars.

Actual results:
This will take more space than ordinary passwords on the Mozilla server side.

Expected results:
This could lead to taking more space on the Mozilla server side and could lead to denial of service while validating the password char by char.

It's a Missing Best Practice vulnerability (with limited impact).
Moving to security while asking for review.
Passwords are hashed; it doesn't matter how long they are. The password being huge is not appreciably different than any other field being very big, so in theory the request would be huge.
Flags: sec-review?(dveditz) → needinfo?(jclaudius)
This is a dupe of something, I'll figure it out in the morning. Or maybe someone else can.
This does not appear to be a security related bug to me. I believe dylan has this nailed down with comment 3.
I know, I just found a Missing Best Practice bug, as I mentioned in comment 1.
Flags: sec-bounty? → sec-bounty-
passwdqc now enforces some very large maximum.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a month ago
Resolution: --- → FIXED
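The two technical points in this thread (a hashed password occupies the same storage whatever its length, and the fix is a maximum enforced before any hashing work) can be shown in a short sketch. This is an added example, not Bugzilla or passwdqc code; the 1024-byte cap, the use of PBKDF2 and the function names are assumptions, since the thread gives no values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed cap for this example; the thread does not state the value passwdqc enforces.
MAX_PASSWORD_BYTES = 1024
PBKDF2_ITERATIONS = 10_000  # kept low so the example runs quickly; not a recommendation
SALT_BYTES = 16


class PasswordTooLong(ValueError):
    """Raised before any hashing work is done."""


def check_length(password: str) -> bytes:
    """Encode the password and reject it if it exceeds the cap, measured in bytes."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong(f"{len(raw)} bytes exceeds cap of {MAX_PASSWORD_BYTES}")
    return raw


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || digest; the stored record size never depends on input length."""
    raw = check_length(password)
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    return salt + hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)


def verify_password(password: str, record: bytes) -> bool:
    """Reject over-long candidates up front, then compare in constant time."""
    try:
        candidate = hash_password(password, record[:SALT_BYTES])
    except PasswordTooLong:
        return False
    return hmac.compare_digest(candidate, record)


def demo() -> dict:
    """Hash a short and a cap-length password, then try the length from the report."""
    short = hash_password("correct horse battery staple")
    at_cap = hash_password("a" * MAX_PASSWORD_BYTES)
    try:
        hash_password("a" * 110600)  # the length used in the report
        rejected = False
    except PasswordTooLong:
        rejected = True
    return {"short_len": len(short), "cap_len": len(at_cap), "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The cap is checked on the UTF-8 byte length rather than the character count, so multi-byte input cannot exceed the intended request and hashing budget.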
Any HOF chances? I had reported a stored XSS, but it was marked as self, and I was given HOF too.
rajauzairabdullah: Not in this case, we don't assess any security impact to the site or its users as a result of this. Thanks for asking though.