syncope-dev mailing list archives

From "Andrea Patricelli (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SYNCOPE-1337) Password history policy is not enforced on salted passwords
Date Fri, 13 Jul 2018 08:30:00 GMT
Andrea Patricelli created SYNCOPE-1337:
------------------------------------------

             Summary: Password history policy is not enforced on salted passwords
                 Key: SYNCOPE-1337
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1337
             Project: Syncope
          Issue Type: Bug
          Components: core
    Affects Versions: 2.1.0, 2.0.9
            Reporter: Andrea Patricelli
             Fix For: 2.0.10, 2.1.1


1. Define a password policy and set history to a value > 0 (even 1 is good).
2. Set configuration parameter password.cipher.algorithm to a salted algorithm, say SSHA512 for example.
3. Create a user with a password.
4. Try to edit the user (more times if you like, in order to populate the password history) by changing the password (password management or edit wizard) to the same value or a value that you are sure is in the password history (to trigger the policy). You'll see that the password is updated to the already used value and the history policy is not triggered.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
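
An added illustration, not Syncope's code and not part of this report: one way a password history check can miss reuse once digests are salted, shown beside a salt-aware check. The SSHA512 layout (base64 of the digest followed by the salt), the 8-byte salt and all function names are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional

SALT_LEN = 8      # assumption: salt length chosen for this example
DIGEST_LEN = 64   # SHA-512 output size in bytes


def ssha512(password: str, salt: Optional[bytes] = None) -> str:
    """Encode as base64(SHA-512(password || salt) || salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def verify(password: str, encoded: str) -> bool:
    """Re-hash the candidate with the salt stored inside `encoded`."""
    raw = base64.b64decode(encoded)
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def in_history_by_equality(password: str, history: List[str]) -> bool:
    """Flawed check: the fresh random salt makes every new encoding differ,
    so a reused password never equals a stored history entry."""
    return ssha512(password) in history


def in_history_by_verify(password: str, history: List[str]) -> bool:
    """Salt-aware check: verify the candidate against each stored entry."""
    return any(verify(password, old) for old in history)


# Constructed sample data: the last two passwords kept for one user.
HISTORY = [ssha512("Summer2018!"), ssha512("Winter2017!")]

if __name__ == "__main__":
    for pw in ("Summer2018!", "Brand-New-1"):
        print(pw,
              "equality:", in_history_by_equality(pw, HISTORY),
              "verify:", in_history_by_verify(pw, HISTORY))
```

With an unsalted digest the equality check would still match, which is why a regression test for a history policy should run against each configured cipher algorithm, salted ones included.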
