-
### What feature?
# Strong Password Recommendation Feature
## Problem Description
In the registration section of a web application, users are required to set a password. However, many users oft…
-
This is a feature request for allowing users to [provide their own 12 recovery words](https://xkcd.com/936/) before enabling e2e on the desktop client. Allowing people to provide their own words open…
-
Hello shopcube developers,
We are a cybersecurity research group from the CISPA Helmholtz Center for Information Security and Ca’ Foscari University of Venice. We recently conducted an analysis of …
-
The current route will accept almost anything as a password. Implement some validation and even a system to measure the strength of passwords.
-
Hi,
Just by quick search I found this in zamekSecurity.unlock():
23: key[ i ] = pinArray[ i ];
28: aes128_cbc_enc( key, iv, data, 48 )
Means that all the key entropy came from PIN, which ca…
rosly updated
5 years ago
-
User passwords are stored in the MongoDB database using a cryptographically weak hashing algorithm (e.g. MD5). The user’s credentials are constructed into the string format username:mongo:password. An…
-
During registration process and during password forgotten process the strength of the password is checked. However, even if the password is weak it can be used. As a user I prefer that using a weak pa…
-
wp-admin/profile.php allows editing certain things (email, password, etc) for users.
We should disable that UI upon launch, so that we don't have any bypasses of allowing users to set weak password…
-
The sign-up form currently accepts passwords of any length, including very short ones, and does not enforce the use of special characters or capital letters. This lack of password policy leads to weak…
-
## Description
The password change functionality is currently broken due to a 404 error when attempting to send a password change. This error is preventing users from successfully updating their pass…