Part of display name in password IS accepted
hapitou opened this issue · 5 comments
hapitou commented
Hi team
we have problems with lithnet which accepts passwords containing part of the characters of the displayname
Version 1.48 or last bug is présents
Thanks
Hapion
ryannewington commented
Can you provide an example of a display name and password that is being accepted?
hapitou commented
ryannewington commented
@hapitou The filter splits on spaces in the full name, and looks for full matches. So 'pierre' or 'richard' would be blocked, but substrings of those words will not be matched.
hapitou commented
Thanks Ryan, because documentation was mentioned part of display name and i have checked the code (fonction below Line 200 of passwordevaluator.cpp) that seems effectively :BOOLEAN ProcessPasswordDoesntContainFullName(const SecureArrayT<WCHAR> &password, const std::wstring &accountName, const std::wstring &fullName, const BOOLEAN &setOperation, const registry ®){..
Thx
Le dimanche 28 janvier 2024 à 09:19:21 UTC+1, Ryan Newington ***@***.***> a écrit :
@hapitou The filter splits on spaces in the full name, and looks for full matches. So 'pierre' or 'richard' would be blocked, but substrings of those words will not be matched.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
stale commented
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.