6.0.0-git
2019-03-20

[#12708] Password strength tests should be case insensitive
Summary Password strength tests should be case insensitive
Queue Horde Framework Packages
Queue Version Git master
Type Enhancement
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester delrio (at) mie (dot) utoronto (dot) ca
Created 2013-09-25 (2002 days ago)
Due
Updated 2013-10-01 (1996 days ago)
Assigned
Resolved 2013-10-01 (1996 days ago)
Milestone
Patch No

History
2013-10-01 19:05:27 Michael Slusarz Assigned to Michael Slusarz
 
2013-10-01 19:05:18 Michael Slusarz Comment #3
Version ⇒ Git master
Queue ⇒ Horde Framework Packages
State ⇒ Resolved
Horde_Auth 2.1.1.
2013-10-01 19:04:56 Git Commit Comment #2
Changes have been made in Git (master):

commit baff95449f0fd29b3c1681acbfc3b19adbefa515
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Oct 1 13:04:12 2013 -0600

     [mms] Password strength testing is now case-insensitive (delrio@mie.utoronto.ca; Request #12708).

  framework/Auth/lib/Horde/Auth.php |    3 ++-
  framework/Auth/package.xml        |    4 ++--
  2 files changed, 4 insertions(+), 3 deletions(-)

http://git.horde.org/horde-git/-/commit/baff95449f0fd29b3c1681acbfc3b19adbefa515
2013-09-25 18:04:49 delrio (at) mie (dot) utoronto (dot) ca Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ Password strength tests should be case insensitive
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ No
Simple capitalization of password (e.g. "UserName") passes the similarity strength test.
A case insensitive test would make the test more effective.


--- Horde/Auth.php.orig
+++ Horde/Auth.php
@@ -437,7 +437,7 @@
          // Check for percentages similarity also.  This will catch 
very simple
          // Things like "password" -> "password2" or "xpasssword"...
          foreach ($dict as $test) {
-            similar_text($password, $test, $percent);
+            similar_text(strtolower($password), strtolower($test), $percent);
              if ($percent > $max) {
                  throw new 
Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too 
simple to guess."));
              }
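
Review bot: at the changed `similar_text()` call, `strtolower()` folds only single-byte letters, so a password that differs from a `$dict` entry only by the case of a non-ASCII character (for example in a UTF-8 username) is still compared case-sensitively; consider a multibyte-aware fold such as `mb_strtolower()` with an explicit encoding. `strtolower($password)` is also loop-invariant yet is recomputed on every pass of `foreach ($dict as $test)`; lowercase it once before the loop and reuse the result.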
