Log in with wrong Password containing numbers...

VERIFIED DUPLICATE of bug 211006

Status

()

Bugzilla
User Accounts
VERIFIED DUPLICATE of bug 211006
12 years ago
12 years ago

People

(Reporter: duke, Unassigned)

Tracking

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

I found that i can log in with a wrong spelled Password.
Only the first part of the Password is checked.
'YourPassword1234145234526457anycrap' will log you in... and that doesn't seem to be right. 

This happens in every Version i have seen. 2.16 until 2.20.

I hope this Information is helpful for you. thanks

Reproducible: Always

Steps to Reproduce:
1. log out if you are logged in
2. log in
3. enter your valid login
4. enter your password spelled correctly
5. play around adding numbers and charakters after the password

Actual Results:  
you logged in with a 'wrong' password

Expected Results:  
A Password with numbers and even special Chars should work like in a serious Software...

If you change something about it.. this may lock users out who 'expect' their Password to be right...

Comment 1

12 years ago

*** This bug has been marked as a duplicate of 211006 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE

Comment 2

12 years ago
The dupe is already public.
Group: webtools-security
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.