View Issue Details

IDProjectCategoryView StatusLast Update
0019276phpList 3 applicationAuthentication Systempublic14-06-18 07:52
Reportersuela 
PrioritynormalSeveritymajorReproducibilitysometimes
Status resolvedResolutionfixed 
Product Version3.3.3 
Target Version3.3.4Fixed in Version3.3.3 
Summary0019276: Login fails with short usernames giving “Please Enter Credentials” message
DescriptionThe issue was reported on the forum: https://discuss.phplist.org/t/please-enter-credentials-after-upgrade-to-3-3-3/4055

TagsNo tags attached.

Activities

suela

07-06-18 12:45

administrator   ~0060694

There is a comparation being made to show the message when the username is <4 characters long.

xheni

07-06-18 12:46

administrator   ~0060695

I think it was introduced by this commit : https://github.com/phpList/phplist-ui-bootlist/commit/6d19104c230b7de6b272d5dbe09bca4bbedf5935

michiel

07-06-18 19:14

manager   ~0060701

Hmm, I think we should discourage short names, but I guess we can't go back on it now.

Cornwell

08-06-18 13:45

reporter   ~0060704

I'm not clear what benefit would come from discouraging short names. My user Sue would agree with me. I'm all for discouraging easily guessable passwords.

michiel

08-06-18 19:59

manager   ~0060705

fair enough. The main benefit is entropy. Guessing a one-letter login only takes 26 attempts. Two letters 676 and three letters 17576.

xheni

12-06-18 13:59

administrator   ~0060720

PR: https://github.com/phpList/phplist-ui-bootlist/pull/56