[wp-trac] [WordPress Trac] #55536: Make sure wp_generate_password() never generates a string containing 0x to prevent blocking from mod_security
WordPress Trac
noreply at wordpress.org
Fri Apr 8 02:59:23 UTC 2022
#55536: Make sure wp_generate_password() never generates a string containing 0x to
prevent blocking from mod_security
--------------------------+------------------------------
Reporter: ReneHermi | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by peterwilsoncc):
Thanks @ReneHermi,
I remembered overnight that the characters are three or more hexadecimal
characters.
When you were testing the WordPress password, did you include anything
outside of `[a-f0-9]` in the first three characters after the `0x`? If so,
would you be able to test with something like `0xa4detc,etc` as the
password?
Thanks for your help with this, I don't have access to a server with mod
security so I really appreciate your testing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55536#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list