Make WordPress Core

Opened 16 years ago

Closed 16 years ago

#5837 closed defect (bug) (fixed)

WordPress and Moveable Type import create weak password

Reported by: pishmishy's profile pishmishy Owned by: pishmishy's profile pishmishy
Milestone: 2.5 Priority: high
Severity: normal Version: 2.3.3
Component: Security Keywords: password import wordpress mt has-patch tested
Focuses: Cc:


wp-admin/import/mt.php and wp-admin/import/wordpress.php need to do something better than creating accounts with the password "changeme". For an import with few users it's not certain that the user will change all the new passwords, for an import with large numbers of users it could be a particularly laborious task.

Suggest generating a random password with the usual algorithm. User can have the admin change the password if needed, or run through the recovery process.

Attachments (1)

5837.patch (2.7 KB) - added by pishmishy 16 years ago.
Generates random passwords for users created by import

Download all attachments as: .zip

Change History (5)

16 years ago

Generates random passwords for users created by import

#1 @pishmishy
16 years ago

  • Keywords has-patch tested added

#2 @ryan
16 years ago

Seems like a good idea to me.

#3 @pishmishy
16 years ago

  • Status changed from new to assigned

Forget the part I mentioned about the recovery process - these users won't have e-mail addresses. The patch reflects that even if the trac description didn't =)

#4 @westi
16 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [7065]) Generate random passwords for users created during import. Fixes #5837 props pishmishy.

Note: See TracTickets for help on using tickets.