Password can be set weak with the "reset-password" TYPO3 core function, even when be_secure_pw is set up correctly
Hi Thomas & Marcus,
Sorry, I ran into other issues with the whole password restriction process within the same project. We did dedicated testing on some cases - I'll split them up into several items.
The test was:
- Admin: setup of be_secure_pw with "enforce", valid-timespan set and 2 mandatory patterns out of 4
- Editor: login-panel, click reset password
- click reset-pwd-link in received email
- Intro text does not mention the configured restrictions
- I can provide a weak password without anything being mentioned, despite the configured restrictions
- After clicking the button, this panel appears:
- This one I would have expected with the extension not installed / configured. With the extension given, I would have expected a failed password change panel.
- After that, I can log in as usual (the password is not enforced as strong, not even after the login, which would anyway be a step too much to enforce it)
Expected:
- Proper text of configured restrictions, translated (which I could do)
- Proper check of the password against the configured restrictions
Installation:
- TYPO3 11.5.17
- be_secure_pw 10.1.3
Any help there?
Thank you, Thomas