Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#32411 closed enhancement (invalid)

Password Strength giving "strong" for a bad password

Reported by: juliobox Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3
Component: Security Keywords:
Focuses: Cc:

Description

Hello folks,

I was testing some password patterns and I found one kind of password that triggers the "strong" result but, I think, is not really secure.

The password is:

  b.  .

(space space b dot space space dot). Yes, I'm weird testing this ;)

https://dl.dropboxusercontent.com/u/45956904/ScreenShots/strong_password.gif

"b" can't be "a" but can be "x"; some spaces can be "-", etc.
Only 7 chars, only 4 different, no caps, 2 times 2 same chars.

If I rely (a little) on http://howsecureismypassword.net, this password will be cracked by BF attacks in 0.05 sec.

Maybe the password strength algorithm has to be checked?

Thank you

Change History (4)

#1 @juliobox
9 years ago

You can also test:

  b. ²

6 chars, still strong

#2 @SergeyBiryukov
9 years ago

This should probably be reported upstream at https://github.com/dropbox/zxcvbn.

Related: #28910.

#3 @juliobox
9 years ago

OK so, do I close this ticket?


#4 @chriscct7
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Yep this needs to go upstream. Closing as invalid.
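
Added example, not part of the ticket and not WordPress or zxcvbn code: an independent length and exhaustive-search check that caps whatever score a strength meter returns, run on the two passwords reported above. The thresholds, the guessing rate, the non-ASCII alphabet allowance and all function names are assumptions chosen for illustration.

```javascript
// Added example: cap a strength meter's score with an independent length and
// brute-force bound. All thresholds below are assumptions for illustration.
const MIN_LENGTH = 12;                 // assumed policy floor
const GUESSES_PER_SECOND = 1e10;       // assumed offline guessing rate
const MIN_SECONDS = 365 * 24 * 3600;   // assumed floor: one year of exhaustive search
const MAX_CAPPED_SCORE = 2;            // assumed ceiling on a 0-4 scale

// Alphabet size implied by the character classes present in the password.
function alphabetSize(password) {
  let size = 0;
  if (/[a-z]/.test(password)) size += 26;
  if (/[A-Z]/.test(password)) size += 26;
  if (/[0-9]/.test(password)) size += 10;
  if (/[\x20-\x2f\x3a-\x40\x5b-\x60\x7b-\x7e]/.test(password)) size += 33; // space + ASCII punctuation
  if (/[^\x00-\x7f]/.test(password)) size += 128; // assumed allowance for non-ASCII
  return size;
}

// Upper bound on exhaustive-search time: alphabet^length / rate.
function bruteForceSeconds(password) {
  const length = Array.from(password).length; // count code points, not UTF-16 units
  return Math.pow(alphabetSize(password), length) / GUESSES_PER_SECOND;
}

// Reasons the password fails the independent checks (empty array = passes).
function sanityReasons(password) {
  const reasons = [];
  if (Array.from(password).length < MIN_LENGTH) reasons.push('shorter than ' + MIN_LENGTH);
  if (bruteForceSeconds(password) < MIN_SECONDS) reasons.push('exhaustive search under one year');
  return reasons;
}

// meterScore: 0-4 as returned by the strength estimator in use.
function cappedScore(meterScore, password) {
  return sanityReasons(password).length ? Math.min(meterScore, MAX_CAPPED_SCORE) : meterScore;
}

// Constructed from the ticket's two passwords, plus a long passphrase as control.
const samples = [' '.repeat(2) + 'b.' + ' '.repeat(2) + '.', ' '.repeat(2) + 'b. \u00b2',
                 'correct horse battery staple'];
for (const pw of samples) {
  console.log(JSON.stringify(pw), bruteForceSeconds(pw).toExponential(2) + ' s',
              'score 4 ->', cappedScore(4, pw), sanityReasons(pw));
}
```

The same check belongs on the server side as well, since a client-side meter only advises the user.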
