search

trustelem / zxcvbn

Go implementation of Dropbox's zxcvbn realistic password strength estimator
MIT License
68 stars 13 forks source link

Strength estimator crashes on empty password + others #1

Closed stevenjohnstone closed 5 years ago

stevenjohnstone commented 6 years ago

I added some fuzzing and found that there's various crashing bugs (indexes arrays outside of bounds) e.g with password "".

vanackere commented 6 years ago

Thanks for the report, I'll have a look ASAP.

vanackere commented 6 years ago

I fixed the obvious crashes and merged your fuzzing patches. I don't have much time right now but I intend to fixe every crash properly. Thanks !

vanackere commented 5 years ago

I'm running a new fuzzing session, but cannot find any new crash (for now). I will close this bug after a few days unless a new crash occurs...