Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#24099 closed defect (bug) (invalid)

It's possible to create a user with a password that will not work on login

Reported by: davidmixer's profile davidmixer Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Users Keywords:
Focuses: Cc:

Description

When i'm assigning the password OTmoP3ku8BZVWp to a user, worpress says it's very strong and it doesn't reject it in any way. When this user later tries to log in into the wp-admin, the user login data is not accepted. When i'm shortening the password, it works as expected.

Change History (3)

#1 @SergeyBiryukov
11 years ago

  • Keywords reporter-feedback added

Could not reproduce with your password example neither in 3.5.1 nor in 3.6-beta1.

Have you tested on a clean install (with Twenty Twelve or Twenty Eleven theme activated and all plugins disabled)?

#2 @davidmixer
11 years ago

You're right. I've tested the behaviour mentioned above with several of our corporate WP installations. The Bug occurs in all of them - except of one that is not using all plugins the others have in common. I wasn't expecting that a plugin is allowed to change WPs login behaviour.

Well, when i have some free time, i'll figure out which plugin causes the problem and inform the responsible developer.

Thank you!

#3 @SergeyBiryukov
11 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Severity changed from major to normal
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.