Notifications
Clear all

wpForo 1.x.x [Closed] Password minimum length not enforced

4 Posts
4 Users
2 Reactions
2,231 Views
Posts: 23
Topic starter
(@mistral)
Eminent Member
Joined: 6 years ago

Hi Guys

Although the reset password form suggests you have to have a minimum length, it is not enforced. You can enter any length and it will be reset.

Logout > lost-password form > Click link in email > reset password form

In the function wpforo_do_password_reset() there could be a password check which would prevent this.

Regards

Mistral

3 Replies
Robert
Posts: 10590
Admin
(@robert)
Support Team
Joined: 9 years ago

Ok, this will be fixed in next version.

2 Replies
StocksForum
(@stocksforum)
Joined: 6 years ago

Estimable Member
Posts: 135

I was able to set a one character password on the password sign up. Definitely needs updating.

Also, how can I edit the text the that has:

Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).

It's not showing up under 'Phrases' section to edit.

Sofy
 Sofy
Admin
(@sofy)
Joined: 7 years ago

Support Team
Posts: 4860

@stocksforum,

This is not wpForo phrase it's come from Wordpress. I think you should translate the phrase by Loco Translate plugin. 

https://developer.wordpress.org/reference/functions/wp_get_password_hint/