chiu01 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

FileBasedAuthenticator.verifyPasswordStrength does not calculate number of character sets correctly #17

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Latest ESAPI downloaded 25 June 2009 from
http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip

verifyPasswordStrength calculates the number of character sets using binary
searches like this:
Arrays.binarySearch(DefaultEncoder.CHAR_LOWERS, newPassword.charAt(i)) > 0

However, if newPassword.charAt(i) = 'a', the result of the binary search
will be 0 and the greater than comparison will return false.

Tests should be greater than or equal like this:
Arrays.binarySearch(DefaultEncoder.CHAR_LOWERS, newPassword.charAt(i)) >= 0

Original issue reported on code.google.com by stuart.l...@gmail.com on 25 Jun 2009 at 11:14
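
The off-by-one described in the report above, as an added example that is not part of the original issue or of ESAPI's code: it counts character sets with the `> 0` test and with the `>= 0` test side by side. The arrays `LOWERS`, `UPPERS` and `DIGITS` and the helper names are constructed stand-ins for `DefaultEncoder.CHAR_LOWERS` and its siblings, assumed to be sorted `char[]` arrays.

```java
import java.util.Arrays;

public class CharSetCountDemo {
    // Constructed stand-ins for the sorted character-set arrays the issue
    // refers to (DefaultEncoder.CHAR_LOWERS etc.); the contents are assumptions.
    static final char[] LOWERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
    static final char[] UPPERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();
    static final char[] DIGITS = "0123456789".toCharArray();
    static final char[][] SETS = { LOWERS, UPPERS, DIGITS };

    // Arrays.binarySearch returns the index of the key when it is found
    // (0 for the first element) and a negative value, -(insertionPoint) - 1,
    // when it is absent. Only "idx >= 0" therefore means "found".
    static boolean contains(char[] sorted, char c, boolean inclusive) {
        int idx = Arrays.binarySearch(sorted, c);
        return inclusive ? idx >= 0 : idx > 0;
    }

    // Counts how many of the character sets are represented in the password.
    static int countSets(String password, boolean inclusive) {
        int count = 0;
        for (char[] set : SETS) {
            for (int i = 0; i < password.length(); i++) {
                if (contains(set, password.charAt(i), inclusive)) {
                    count++;
                    break; // one hit is enough for this set
                }
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample passwords: the first two use only the first
        // element of each set ('a', 'A', '0'), the last two mix in others.
        String[] samples = { "aaaa", "aA0aA0", "bB1bB1", "aB1" };
        for (String p : samples) {
            System.out.printf("%-8s '> 0' counts %d, '>= 0' counts %d%n",
                    p, countSets(p, false), countSets(p, true));
        }
    }
}
```

Only the first element of each sorted array is affected, so a password whose sole lowercase letter is 'a', sole uppercase letter is 'A' or sole digit is '0' has that set left out of the count.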

GoogleCodeExporter commented 8 years ago
This is a simple bug

Original comment by chrisisbeef on 29 Oct 2009 at 5:25

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r740.

Original comment by chrisisbeef on 29 Oct 2009 at 5:29