Closed jrzeponi closed 1 month ago
When active zxcvbn password force, driver doesn't pass mail of session to check together with password, and it permitted pass mail as password, so I changed this part:
root@mailserver:~# diff password/drivers/zxcvbn.php password/drivers/zxcvbn-ori.php 60,67c60 < $rcmail = rcmail::get_instance(); < $local_part = $rcmail->user->get_username('local'); < $domain_part = $rcmail->user->get_username('domain'); < $username = $_SESSION['username']; < $userData = [ < $local_part, < $username < ]; --- > 69,70c62 < // $strength = $zxcvbn->passwordStrength($passwd); < $strength = $zxcvbn->passwordStrength($passwd, $userData); --- > $strength = $zxcvbn->passwordStrength($passwd); root@mailserver:~#
I think possible has better way to implement it, but I needed solving problem now and this way is working.
Done.
When active zxcvbn password force, driver doesn't pass mail of session to check together with password, and it permitted pass mail as password, so I changed this part:
I think possible has better way to implement it, but I needed solving problem now and this way is working.