[wp-trac] [WordPress Trac] #55536: Make sure wp_generate_password() never generates a string containing 0x to prevent blocking from mod_security
WordPress Trac
noreply at wordpress.org
Thu Apr 7 00:21:44 UTC 2022
#55536: Make sure wp_generate_password() never generates a string containing 0x to
prevent blocking from mod_security
--------------------------+------------------------------
Reporter: ReneHermi | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by peterwilsoncc):
* component: General => Security
Comment:
Thanks for the report @ReneHermi
This seems like a bug with mod security, I can see their developers
[https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1662 merged a
fix] last year reduce the false positives.
Are you able to provide the following:
* is this issue occurring on the current release of mod security?
* if a password begins with `0x...` does the module prevent users logging
in?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55536#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list