We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ASVS 2.1.1 (Verify that user set passwords are at least 12 characters in length (after multiple spaces are combined).
CWE-521 (Weak Password Requirements)
OpenEMR accepts passwords 9 characters or greater, creating a conflict with the ASVS requirement above.
When creating a new user:
When changing password:
Passwords set when creating a user or changing a password that are less than 12-characters should not be accepted.
Browser: Firefox 124.0.2 (64-bit) OpenEMR version: v7.0.2 Operating system: Windows 11
The text was updated successfully, but these errors were encountered:
Successfully merging a pull request may close this issue.
Describe the bug
ASVS 2.1.1 (Verify that user set passwords are at least 12 characters in length (after multiple spaces are combined).
CWE-521 (Weak Password Requirements)
OpenEMR accepts passwords 9 characters or greater, creating a conflict with the ASVS requirement above.
To Reproduce
When creating a new user:
When changing password:
Expected behavior
Passwords set when creating a user or changing a password that are less than 12-characters should not be accepted.
Client configuration
Browser: Firefox 124.0.2 (64-bit)
OpenEMR version: v7.0.2
Operating system: Windows 11
Client configuration
The text was updated successfully, but these errors were encountered: