R4D4R / winauth

Automatically exported from code.google.com/p/winauth
GNU General Public License v3.0

Flaw in valid password policy #179

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What version of WinAuth?
3.1.8

What system/version (e.g. Windows 7)?
windows 7

How many authenticators do you have? If one, what type (e.g. Google Authenticator/Battle.net)?
1 only. Google Authenticator.

Do you use a password?
Yeah! I do.

Do you use the "Encrypt to only be useable on this computer" protection?
Nope.

What steps will reproduce the problem?
1. Update your password.
2. Add a trailing space to your password. That means add a space character at the end of your password.
3. Now exit the app and log in again.
4. You will be able to log in with the password containing the space character.
5. Now go to settings > change protection.
6. It will ask you to give your password. Now your old password will be shown as incorrect. With space or without space, it's incorrect every time.

So you would not be able to update your password any longer. That pushes the user into a vulnerable condition.

Will look forward to hearing from you soon.

Thanks

Tarek S.
Securifice Bangladesh.

If you are able to load WinAuth, please click the cog icon and choose
"About...". Click the Diagnostics button and copy the contents of the field
(beginning with "--BEGIN PGP MESSAGE---") into a file and attach to this
issue.

Please provide any additional information:

Original issue reported on code.google.com by haxorsi...@gmail.com on 3 Nov 2014 at 9:18


GoogleCodeExporter commented 9 years ago
Thanks for finding this. It'll be fixed shortly.

Original comment by winauth on 3 Nov 2014 at 9:24
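
The issue does not state the root cause. The following added example (not WinAuth's code) models one cause that reproduces the reported symptoms: it assumes the change-protection dialog trims the entered password while the set-password and login paths use it exactly as typed. The `Vault` class, `lockout_check` helper and sample password are hypothetical, and the same check works as a regression test once every entry point treats the password identically.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever key derivation the real application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class Vault:
    """Hypothetical password-protected store with three password entry points."""

    def __init__(self, trim_in_change_dialog: bool):
        # trim_in_change_dialog=True models the assumed defect: only one
        # entry point strips whitespace before comparing.
        self.trim_in_change_dialog = trim_in_change_dialog
        self.salt = os.urandom(16)
        self.key = b""

    def set_password(self, password: str) -> None:
        self.key = _derive(password, self.salt)  # stored exactly as typed

    def login(self, password: str) -> bool:
        return hmac.compare_digest(self.key, _derive(password, self.salt))

    def change_password(self, old: str, new: str) -> bool:
        if self.trim_in_change_dialog:
            old = old.strip()  # inconsistent with set_password() and login()
        if not self.login(old):
            return False
        self.set_password(new)
        return True


def lockout_check(vault: Vault, password: str) -> dict:
    """Replay the reported steps; report which entry points accept the password."""
    vault.set_password(password)
    return {
        "login": vault.login(password),
        "change_exact": vault.change_password(password, password),
        "change_trimmed": vault.change_password(password.strip(), password),
    }


if __name__ == "__main__":
    print("inconsistent:", lockout_check(Vault(True), "hunter2 "))   # constructed password
    print("consistent:  ", lockout_check(Vault(False), "hunter2 "))
```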