[Vtigercrm-commits] [Vtiger development] #7454: Special character (ampersand "&") in password locks user out

Vtiger development vtiger-tickets at trac.vtiger.com
Tue Sep 1 07:41:29 GMT 2015 

#7454: Special character (ampersand "&") in password locks user out
---------------------------------+------------------------
 Reporter:  rolf                 |       Owner:  developer
     Type:  defect               |      Status:  closed
 Priority:  critical             |   Milestone:  5.4.0
Component:  vtigercrm            |     Version:  5.3.0
 Severity:  Medium               |  Resolution:  fixed
 Keywords:  passwords ampersand  |
---------------------------------+------------------------

Old description:

> When a user password contains and ampersand ("&") the user can not log
> in.
>
> The vtiger change password feature accepts the password with the
> ampersand but subsequently the user can no longer log in.
>
> This behavior has been confirmed both with native database based
> authentication as well as with LDAP authentication.
>
> The issue creates seemingly random behavior allowing some users in and
> others not which has been very hard to narrow down.
>
> This bug is seems related to issue #6985 which talks about the same
> behavior with characters "<" and ">" which has been marked critical and
> is still open.
>
> In our situation we use LDAP and can not adjust password guidelines to
> work around vtiger password limitations so a fix would be most
> appreciated.

New description:

 When a user password contains and ampersand ("&") the user can not log in.

 The vtiger change password feature accepts the password with the ampersand
 but subsequently the user can no longer log in.

 This behavior has been confirmed both with native database based
 authentication as well as with LDAP authentication.

 The issue creates seemingly random behavior allowing some users in and
 others not which has been very hard to narrow down.

 This bug is seems related to issue #6985 which talks about the same
 behavior with characters "<" and ">" which has been marked critical and is
 still open.

 In our situation we use LDAP and can not adjust password guidelines to
 work around vtiger password limitations so a fix would be most
 appreciated.

--

Comment (by prasad):

 Changeset [14514]

--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7454#comment:5>
Vtiger development <http://trac.vtiger.com/>
Vtiger CRM

More information about the vtigercrm-commits mailing list