| Summary | Password strength tests should be case insensitive |
| Queue | Horde Framework Packages |
| Queue Version | Git master |
| Type | Enhancement |
| State | Resolved |
| Priority | 1. Low |
| Owners | slusarz (at) horde (dot) org |
| Requester | delrio (at) mie (dot) utoronto (dot) ca |
| Created | 09/25/2013 (4299 days ago) |
| Due | |
| Updated | 10/01/2013 (4293 days ago) |
| Assigned | |
| Resolved | 10/01/2013 (4293 days ago) |
| Milestone | |
| Patch | No |
Version ⇒ Git master
Queue ⇒ Horde Framework Packages
State ⇒ Resolved
commit baff95449f0fd29b3c1681acbfc3b19adbefa515
Author: Michael M Slusarz <slusarz@horde.org>
Date: Tue Oct 1 13:04:12 2013 -0600
[mms] Password strength testing is now case-insensitive
(delrio@mie.utoronto.ca;
Request #12708).framework/Auth/lib/Horde/Auth.php | 3 ++-
framework/Auth/package.xml | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
http://git.horde.org/horde-git/-/commit/baff95449f0fd29b3c1681acbfc3b19adbefa515
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ Passwd
Summary ⇒ Password strength tests should be case insensitive
Type ⇒ Enhancement
State ⇒ New
similarity strength test.
A case insensitive test would make the test more effective.
--- Horde/Auth.php.orig
+++ Horde/Auth.php
@@ -437,7 +437,7 @@
// Check for percentages similarity also. This will catch
very simple
// Things like "password" -> "password2" or "xpasssword"...
foreach ($dict as $test) {
- similar_text($password, $test, $percent);
+ similar_text(strtolower($password), strtolower($test), $percent);
if ($percent > $max) {
throw new
Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too
simple to guess."));
}