Forgot password link bypass password validation

  • Resolved enkoes

    (@enkoes)


    12 months ago

    Hi, I recently found out that when user using “Forgot Password” to reset password, the validation preset in registration form (say minimum length 6, maximum length 20) has no longer applied. User can then set his own password with any length using “Forgot Password” way. How can we fix that?

    Regards.

Viewing 5 replies - 1 through 5 (of 5 total)
  • missveronica

    (@missveronicatv)

    @enkoes

    I can’t reproduce this issue.

    When I’m not entering my 8 characters minimum
    I get this message in the ?act=reset_password page

    Your password must contain at least 8 characters

    Thread Starter enkoes

    (@enkoes)

    Thanks for your reply.

    I tested several times, it comes out the same issue. Inside the registration form, I set min length 6, max length 20, when reset password, I can key in password of any length, and I just get a password approve message in the??act=reset_password?page.

    I also tested Change Password in Account Tab, the length validation also does not apply. Have I missed something in the settings?

    Regards.

    Thread Starter enkoes

    (@enkoes)

    Just a note, password length validation works perfectly for registration of new user using the same registration form.

    missveronica

    (@missveronicatv)

    @enkoes

    Yes, in UM Settings -> General -> Users you have these settings
    which must be set for the other pages like Reset password and Account.

    Require a strong password?
    Password minimum length
    Password maximum length

    Thread Starter enkoes

    (@enkoes)

    It works fine now. Thanks!

    It seems that we must enable “Require a strong password” then only can apply the password length restriction to Reset password and Account page.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Forgot password link bypass password validation’ is closed to new replies.