[wp-trac] [WordPress Trac] #32261: Security: Wordpress Admin/Backend: No Passwordlength is enforced = Big Security Risk
WordPress Trac
noreply at wordpress.org
Tue May 5 22:12:47 UTC 2015
#32261: Security: Wordpress Admin/Backend: No Passwordlength is enforced = Big
Security Risk
------------------------------+-----------------------------
 Reporter:  iamwordimpressed  |      Owner:
     Type:  defect (bug)      |     Status:  new
 Priority:  normal            |  Milestone:  Awaiting Review
Component:  Security          |    Version:  4.2.1
 Severity:  normal            |   Keywords:
  Focuses:                    |
------------------------------+-----------------------------
Hello,
in the WordPress admin on a profile page
(http://localhost/my/wp-admin/profile.php), when changing the password, there
is no password length enforced! Yes, there is a password strength meter. But
which normal users will really take care of it?
WordPress is more and more used as a platform! A lot of "normal"
uneducated users will sign up and sign in (not only educated admins). We have
a very big site in the launch and I just shockingly realized this. Every one
of the users could have set a single character as password. And there will be
users that do this.
Or alternatively put a BIG warning with a checkbox before installation, so
that every administrator is aware of this and can fix this big security hole.
I was not, and I spent the last 6 months full-time developing in WordPress!
(Before even looking for a solution I am writing this ticket.)
'''Please please ''enforce'' at least a password length of 6 characters.
Never put the responsibility of security onto the user but put it by
design into the application. Everything else will lead to disasters.'''
Thanks!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32261>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
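
One way a site owner could enforce the minimum length the ticket asks for, shown as an added example that is not part of the original ticket or of WordPress core: a small plugin built on the core hooks `user_profile_update_errors` and `validate_password_reset`. The plugin name, the `example_` function names and the constant are hypothetical; the value 6 is the minimum the reporter requests, and the code assumes it is loaded by WordPress as a plugin.

```php
<?php
/**
 * Plugin Name: Example Minimum Password Length (hypothetical, added example)
 */

// Minimum length taken from the ticket's request; the constant name is hypothetical.
if ( ! defined( 'EXAMPLE_MIN_PASSWORD_LENGTH' ) ) {
    define( 'EXAMPLE_MIN_PASSWORD_LENGTH', 6 );
}

// True when the submitted password is shorter than the minimum.
// WordPress slashes request data, so unslash before counting characters;
// unslashing can only shorten the string, which keeps the check conservative.
function example_password_too_short( $password ) {
    $password = wp_unslash( (string) $password );
    return mb_strlen( $password ) < EXAMPLE_MIN_PASSWORD_LENGTH;
}

// Attach the error to the WP_Error object; core refuses to save while it holds errors.
function example_add_length_error( $errors ) {
    $errors->add(
        'pass',
        sprintf(
            'The password must be at least %d characters long.',
            EXAMPLE_MIN_PASSWORD_LENGTH
        )
    );
}

// Profile page and admin user-edit screen: user_pass is only set when a
// new password was submitted, so an unchanged password is not rejected.
function example_check_profile_password( $errors, $update, $user ) {
    if ( isset( $user->user_pass ) && '' !== $user->user_pass
        && example_password_too_short( $user->user_pass ) ) {
        example_add_length_error( $errors );
    }
}
add_action( 'user_profile_update_errors', 'example_check_profile_password', 10, 3 );

// "Lost your password?" reset form: the new password arrives as pass1.
function example_check_reset_password( $errors, $user ) {
    if ( isset( $_POST['pass1'] ) && '' !== $_POST['pass1']
        && example_password_too_short( $_POST['pass1'] ) ) {
        example_add_length_error( $errors );
    }
}
add_action( 'validate_password_reset', 'example_check_reset_password', 10, 2 );
```

Passwords set through other paths, such as custom registration forms or direct calls to `wp_set_password()`, do not pass through these two hooks and need their own check.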