Password handling is broken

27 October 2019 at 13:44
Location: Other: Transifex
Keywords: accessibility, security

I just found out that password handling on the Transifex website is broken. After failing to log in with my old password, I requested a password reset, but even after resetting the password back to the old password I still could not log in with it. I then reset it again, and this time used a simplistic password (just fulfilling the silly requirements set by the reset form). This then allowed me to log in.

I then went to my account settings and again set my password back to the old one. I then tried logging in again, and again it failed.

So the password handling is triply broken: it fails to warn me about the requirements for a truly working password, it fails to store a truly strong password, and it fails to prevent the non-working password from being saved, causing a non-working login.

