WordPress.org

Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#5837 closed defect (bug) (fixed)

WordPress and Moveable Type import create weak password

Reported by: pishmishy Owned by: pishmishy
Milestone: 2.5 Priority: high
Severity: normal Version: 2.3.3
Component: Security Keywords: password import wordpress mt has-patch tested
Focuses: Cc:
PR Number:

Description

wp-admin/import/mt.php and wp-admin/import/wordpress.php need to do something better than creating accounts with the password "changeme". For an import with few users it's not certain that the user will change all the new passwords, for an import with large numbers of users it could be a particularly laborious task.

Suggest generating a random password with the usual algorithm. User can have the admin change the password if needed, or run through the recovery process.

Attachments (1)

5837.patch (2.7 KB) - added by pishmishy 12 years ago.
Generates random passwords for users created by import

Download all attachments as: .zip

Change History (5)

@pishmishy
12 years ago

Generates random passwords for users created by import

#1 @pishmishy
12 years ago

  • Keywords has-patch tested added

#2 @ryan
12 years ago

Seems like a good idea to me.

#3 @pishmishy
12 years ago

  • Status changed from new to assigned

Forget the part I mentioned about the recovery process - these users won't have e-mail addresses. The patch reflects that even if the trac description didn't =)

#4 @westi
12 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [7065]) Generate random passwords for users created during import. Fixes #5837 props pishmishy.

Note: See TracTickets for help on using tickets.