toddyo / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Setting password with password in LDAP hisory causes browser crash #706

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Sign in to change a known password.
2. Attempt to set password to one that is already in AD password history

What is the expected output? What do you see instead?
I expect that the password set would fail indicating a requirement failure.  
Instead, it appears to allow me to set the password, then hangs and eventually 
crashes the browser.

What version of PWM are you using?
1.7.1

What ldap directory and version are you using?
Active Directory, Windows Server 2012

Please paste any error log messages below:

No errors are generated in the PWM log as a result of this.  

This has been tested and reproduced on current versions of Chrome and Firefox 
in both Linux and Windows 7 platforms.  

Interestingly, IE11.0.9600.17959, which apparently doesn't do any of the 
scripting that would cause the issue to arise (namely, no ahead-of-time form 
validation) does not have the issue.

Using a debugger in Firefox, we were able to determine that it appears to be a 
JavaScript error.  The loop appears to be an infinite recursion between the 
functions "messageDivFloatHandler" and "doShow" through dojo functions.

Original issue reported on code.google.com by bhunt...@clarkson.edu on 14 Aug 2015 at 10:03