roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0

Zxcvbn does not check whether the mail address is part of the password #9404

Closed jrzeponi closed 1 month ago

jrzeponi commented 1 month ago

When zxcvbn password enforcement is active, the driver doesn't pass the session's mail address to be checked together with the password, so it permitted using the mail address as the password. I changed this part:

root@mailserver:~# diff password/drivers/zxcvbn.php password/drivers/zxcvbn-ori.php 
60,67c60
<         $rcmail = rcmail::get_instance();
<         $local_part  = $rcmail->user->get_username('local');
<         $domain_part = $rcmail->user->get_username('domain');
<         $username = $_SESSION['username'];
<         $userData = [
<           $local_part,
<           $username
<         ];
---
> 
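Review bot: `$domain_part` is assigned in this hunk but never added to `$userData`, so a password built from the mail domain still is not matched against the user inputs; either include it (`$userData = [$local_part, $domain_part, $username];`) or drop the unused assignment. Note also that the diff was taken as `diff modified original`, so the `<` lines are the proposed change and the `>` lines are the current code, the reverse of the usual reading, and the array elements use two-space indentation where the surrounding file uses four.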
69,70c62
<         // $strength = $zxcvbn->passwordStrength($passwd);
<         $strength = $zxcvbn->passwordStrength($passwd, $userData);
---
>         $strength = $zxcvbn->passwordStrength($passwd);
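Review bot: the commented-out `// $strength = $zxcvbn->passwordStrength($passwd);` should be deleted rather than left beside the new call; version history already records the old line. The change itself relies on the optional user-inputs array that zxcvbn-php's `passwordStrength()` accepts as its second argument, which is the intended way to penalise passwords derived from the login.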
root@mailserver:~#

I think there is probably a better way to implement it, but I needed to solve the problem now and this way is working.
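As an added illustration of what the change above is for (constructed example code, not Roundcube's password plugin or the zxcvbn-php library): it derives the login-based tokens a strength checker should receive as user inputs and flags a candidate password that equals or contains the mailbox name. The sample logins and all function names are invented for this example.

```python
import re

# Constructed example: build the "user inputs" a strength checker should be
# given from the session login, then report which of them a password reuses.

MIN_TOKEN = 4  # ignore very short fragments (e.g. a TLD) to limit false hits


def user_input_tokens(username: str) -> list[str]:
    """Lower-cased tokens derived from a login such as
    'alice.smith@example.org': the full login, the local part, the domain,
    the domain's first label and each separator-delimited word of the
    local part. The full login and local part are always kept, even if short."""
    login = username.strip().lower()
    keep = {login}
    parts = set()
    if "@" in login:
        local, domain = login.rsplit("@", 1)
        keep.add(local)
        parts.update({domain, domain.split(".")[0]})
        parts.update(re.split(r"[._\-+]", local))
    keep.update(p for p in parts if len(p) >= MIN_TOKEN)
    return sorted(t for t in keep if t)


def matched_user_inputs(password: str, tokens: list[str]) -> list[str]:
    """Tokens that occur in the password, forwards or reversed, ignoring case."""
    pw = password.lower()
    return [t for t in tokens if t in pw or t[::-1] in pw]


def check_password(username: str, password: str) -> tuple[bool, list[str]]:
    """Reject a password that reuses any part of the login.
    Returns (accepted, offending_tokens)."""
    hits = matched_user_inputs(password, user_input_tokens(username))
    return (not hits, hits)


if __name__ == "__main__":
    login = "alice.smith@example.org"  # constructed sample login
    for pw in (login, "Smith2024!", "correct-horse-battery"):
        print(repr(pw), check_password(login, pw))
```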

alecpl commented 1 month ago

Done.