Ticket #5837 (closed defect (bug): fixed)

Opened 4 years ago

Last modified 4 years ago

WordPress and Moveable Type import create weak password

Reported by: pishmishy Owned by: pishmishy
Priority: high Milestone: 2.5
Component: Security Version: 2.3.3
Severity: normal Keywords: password import wordpress mt has-patch tested
Cc:

Description

wp-admin/import/mt.php and wp-admin/import/wordpress.php need to do something better than creating accounts with the password "changeme". For an import with few users it's not certain that the user will change all the new passwords, for an import with large numbers of users it could be a particularly laborious task.

Suggest generating a random password with the usual algorithm. User can have the admin change the password if needed, or run through the recovery process.

Attachments

5837.patch Download (2.7 KB) - added by pishmishy 4 years ago.
Generates random passwords for users created by import

Change History

pishmishy4 years ago

Generates random passwords for users created by import

comment:1   pishmishy4 years ago

  • Keywords has-patch tested added

comment:2   ryan4 years ago

Seems like a good idea to me.

comment:3   pishmishy4 years ago

  • Status changed from new to assigned

Forget the part I mentioned about the recovery process - these users won't have e-mail addresses. The patch reflects that even if the trac description didn't =)

comment:4   westi4 years ago

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [7065]) Generate random passwords for users created during import. Fixes #5837 props pishmishy.

Note: See TracTickets for help on using tickets.