[Kolab-devel] [issue4473] Kolab web interface (horde) prohibits passwords with 9+ chars
Gavin McCullagh
issues at kolab.org
Fri Jul 16 12:56:05 CEST 2010
New submission from Gavin McCullagh <gavin.mccullagh at gcd.ie>:
Further to conversation on kolab-users, I consider it a bug to force users to
restrict their passwords to 8 characters.
/kolab/var/kolab/www/client/passwd/config/backends.php
'password policy' => array(
'minLength' => 3,
'maxLength' => 8 ),
This restriction can be used by dictionary attackers who identify a kolab
server. They know for sure that no password is longer than 8 chars and can be
as short as 3.
It is also bad practice in general (at least in my opinion) to encourage use of
short passwords.
I suggest the defaults be changed to a more sensible range like (7,25)
Gavin
----------
messages: 25755
nosy: gavinmc
status: unread
title: Kolab web interface (horde) prohibits passwords with 9+ chars
______________________________________
Kolab issue tracker <issues at kolab.org>
<https://issues.kolab.org/issue4473>
______________________________________
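
A check an administrator could run over a copy of backends.php to find the policy described in the report. This is an added example, not part of the original message and not Kolab or Horde code. The 7 and 25 thresholds are the range suggested in the report; the sample text, its backend keys and the function name are constructed for illustration.

```python
import re

# Constructed sample shaped like the snippet quoted in the report; the
# backend keys 'kolab' and 'other' and the 'name' entry are hypothetical.
SAMPLE = """
$backends['kolab'] = array(
    'name' => 'Example Server',
    'password policy' => array(
        'minLength' => 3,
        'maxLength' => 8 ),
);
$backends['other'] = array(
    'password policy' => array(
        'minLength' => 7,
        'maxLength' => 25 ),
);
"""

# Assumes a policy array holds only scalar values (no nested parentheses).
POLICY_RE = re.compile(r"'password policy'\s*=>\s*array\s*\((.*?)\)", re.S)
LIMIT_RE = re.compile(r"'(minLength|maxLength)'\s*=>\s*(\d+)")

def audit_policies(php_text, min_floor=7, max_floor=25):
    """Flag policies that accept passwords shorter than min_floor or
    reject passwords of up to max_floor characters."""
    findings = []
    for block in POLICY_RE.finditer(php_text):
        limits = {k: int(v) for k, v in LIMIT_RE.findall(block.group(1))}
        problems = []
        # A missing minLength means no lower bound is enforced at all.
        if limits.get("minLength", 0) < min_floor:
            problems.append("minLength below %d" % min_floor)
        # A missing maxLength means no cap, which is not a finding here.
        if limits.get("maxLength", max_floor) < max_floor:
            problems.append("maxLength below %d" % max_floor)
        if problems:
            line = php_text.count("\n", 0, block.start()) + 1
            findings.append({"line": line, "limits": limits, "problems": problems})
    return findings

if __name__ == "__main__":
    for f in audit_policies(SAMPLE):
        print("line %(line)d: %(limits)s -> %(problems)s" % f)
```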