[wp-trac] [WordPress Trac] #45100: Allow white space in password
WordPress Trac
noreply at wordpress.org
Wed Oct 17 18:28:17 UTC 2018
#45100: Allow white space in password
------------------------------------+------------------------------
Reporter: 3Lancer | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
------------------------------------+------------------------------
Comment (by apmarshall):
Just to clarify, because the language of the original post and of
@mukesh27 's reply were ambiguous to me:
I am understanding this to be a report that WordPress currently (1) allows
a user to have whitespaces in their password, (2) trims those whitespaces
out, and (3) that this means that leading white spaces can be used to
bypass password length requirements. In other words that this is reporting
current behavior (a bug), not proposing a new behavior. Is that correct?
Follow-up questions, to clarify the impact of this bug:
What happens if the white-space is in the middle of the password. For
example "123 abc"? Does the trimming of the white space truncate the
password at "123" or does it compress it to "123abc" without the space in
the middle?
Similarly, do trailing white spaces (for example, a "1" followed by seven
spaces) have the same effect as the leading white space example in terms
of bypassing length requirements or does that only work if the white space
is the initial portion of the password?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45100#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list