Changes between Initial Version and Version 1 of Ticket #11959, comment 11
- Timestamp:
- 03/13/2019 07:59:41 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #11959, comment 11
initial v1 1 Functions such as username_exists() fail to perform sanity checks against the storage schema. As a result, it is possible to register multiple users with the same username, if the length is greater than or equal to the username field size. Only the first user can login, however anyone re-registering that username can impersonate the first user to reset their password.1 I tested this in `trunk` and was unable to create a user with a username longer than 60 characters. Closing this as it looks like it was fixed inadvertently by [32299].