Part of display name in password IS accepted

Question

Part of display name in password IS accepted

hapitou opened this issue 8 months ago · 5 comments

Hi team

we have problems with lithnet which accepts passwords containing part of the characters of the displayname
Version 1.48 or last bug is présents

Thanks
Hapion

Answer 1 · 2024-01-23T20:23:27.000Z

@hapitou

Can you provide an example of a display name and password that is being accepted?

Answer 2 · 2024-01-24T07:57:21.000Z

As you see below, the password part ("Pier") of DisplayName "Pierre" in password

Password contains full display name is rejected

Answer 3 · 2024-01-28T08:19:10.000Z

@hapitou The filter splits on spaces in the full name, and looks for full matches. So 'pierre' or 'richard' would be blocked, but substrings of those words will not be matched.

Answer 4 · 2024-01-28T21:45:23.000Z

Thanks Ryan, because documentation was mentioned part of display name and i have checked the code (fonction below Line 200 of passwordevaluator.cpp) that seems effectively :BOOLEAN ProcessPasswordDoesntContainFullName(const SecureArrayT<WCHAR> &password, const std::wstring &accountName, const std::wstring &fullName, const BOOLEAN &setOperation, const registry &reg){.. Thx Le dimanche 28 janvier 2024 à 09:19:21 UTC+1, Ryan Newington ***@***.***> a écrit : @hapitou The filter splits on spaces in the full name, and looks for full matches. So 'pierre' or 'richard' would be blocked, but substrings of those words will not be matched. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***>

Answer 5 · 2024-02-04T22:19:47.000Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.