Last modified: 2013-06-26 04:04:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48973, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 46973 - can enter user name & same password separated by a space in username allows creation of new account
can enter user name & same password separated by a space in username allows c...
Status: NEW
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.22.0
PC Windows 7
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-04-06 21:38 UTC by JA_Harrison
Modified: 2013-06-26 04:04 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
dup user name & password (130.18 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document)
2013-04-08 15:51 UTC, JA_Harrison 		Details
Add an attachment (proposed patch, testcase, etc.)

Description JA_Harrison 2013-04-06 21:38:23 UTC 
When a user creates a new account, they only have to enter a space (haven't tried other special characters) to differentiate from entering the same password (without a space).   Example:

username:  david wright
password:  davidwright

is a legit entry for creating an account.  Is this something you wish to have?

I tried to attach pictures which you can see what I entered on the create a new account page and then the welcome page result.  Unfortunately I don't see them added to this report.  Please email a request to have me email to someone if interested.
Comment 1 Betacommand 2013-04-06 22:25:09 UTC 
Is https://www.mediawiki.org/wiki/Extension:AntiSpoof installed?
Comment 2 Andre Klapper 2013-04-08 14:57:43 UTC 
(In reply to comment #0)
> I tried to attach pictures which you can see what I entered on the create a
> new account page and then the welcome page result.  Unfortunately I don't 
> see them added to this report.

JA_Harrison: Looks like something went wrong, could you try again? See "Add an attachment" link on https://bugzilla.wikimedia.org/show_bug.cgi?id=46973 .
Also, could you answer comment 1 and also tell us which MediaWiki version this refers to? Thanks!
Comment 3 JA_Harrison 2013-04-08 15:51:21 UTC 
Created attachment 12051 [details]
dup user name & password

This attachment was meant for another bug report but you can see what happened.
Comment 4 JA_Harrison 2013-04-08 15:52:41 UTC 
I did use the new UI:
http://toro.wmflabs.org/wiki/Special:UserLogin?useAgora=1 

for testing.
Comment 5 Andre Klapper 2013-04-09 09:00:29 UTC 
(In reply to comment #3)
> Created attachment 12051 [details]
> dup user name & password

Please attach images as image files, not embedded into Office files.
Comment 6 spage 2013-06-26 04:04:17 UTC 
Yes, the password checking is quite simplistic. A few username+password combinations are blocked, your password can't be the same as your lowercase username, and it must be longer than $wgMinimalPasswordLength (which defaults to 1 character!).

An extension could beef it up, but it would be better to have an interactive password strength meter.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links