andytanoko / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

Authenticator.verifyPasswordStrength does not count special characters #65

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When I enter as new password <strong>b!gbr0ther</strong>
Authenticator.verifyPasswordStrength throws AuthenticationCredentialsException

Based on the algorythm it should be a strong password. The problem relies
on binarySearch of special characters as it always fails for special
character !

The problem is that EncoderConstants.CHAR_SPECIALS array is not sorted.
After sorting the array it works fine

char[] CHAR_SPECIALS = { 
    '!', //33
    '$', //36
    '*', //42
    '+', //43
    '-', //45
    '.', //46
    '=', //61
    '?', //63
    '@', //64
    '^', //94
    '_', //95
    '|', //124
    '~'  //126
    };

I use ESAPI 2.0-rc4, java 1.6.0_16

Original issue reported on code.google.com by johnkoutros on 30 Nov 2009 at 10:02

GoogleCodeExporter commented 9 years ago

Original comment by chrisisbeef on 2 Dec 2009 at 5:37

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r843.

Original comment by chrisisbeef on 2 Dec 2009 at 5:39