Closed Bug 287741 Opened 20 years ago Closed 19 years ago

changing password from 'password' to 'password' should not invalidate login cookies

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.19.2
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.22

People

(Reporter: timeless, Assigned: Wurblzap)

Details

Attachments

(1 file, 1 obsolete file)

Patch 1.1
1.44 KB, patch
LpSolit
: review+
Details | Diff | Splinter Review 
i have what i believe are dozens of browsers that were logged into
bugzilla.mozilla.org, i went to change my realname, and as per custom (because a
long time ago bugzilla refused to allow real name changes unless you changed
your password), i changed my password from 'password' to 'password' (verified
'password'). this fried my login cookies to all the browsers i have. the change
should not have fried my cookies.
Severity: major → normal
OS: Windows XP → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.22
Attached patch Patch (obsolete) — Splinter Review 
Assignee: user-accounts → wurblzap
Status: NEW → ASSIGNED

        Attachment #205838 -
        Flags: review?

    
    

    
  
Comment on attachment 205838 [details] [diff] [review]
Patch

>             my $cryptedpassword = bz_crypt($pwd1);
>+            if ($oldcryptedpwd ne $cryptedpassword) {

This doesn't work. bz_crypt() uses a salt to encrypt the password and so both encrypted passwords differ, even if both passwords are equal.

        Attachment #205838 -
        Flags: review? → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch 1.1Splinter Review
      

    


  
Fixed. I don't know what went wrong here.

        Attachment #205838 -
        Attachment is obsolete: true

        Attachment #205855 -
        Flags: review?(LpSolit)

    
    

    
  
Comment on attachment 205855 [details] [diff] [review]
Patch 1.1

r=LpSolit

        Attachment #205855 -
        Flags: review?(LpSolit) → review+

    
  
Flags: approval?
Flags: approval? → approval+

    
    

    
  
Checking in userprefs.cgi;
/cvsroot/mozilla/webtools/bugzilla/userprefs.cgi,v  <--  userprefs.cgi
new revision: 1.95; previous revision: 1.94
done

Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: