Posted by CANbike on Sat, 12 Jul 2014

[Oxwall] Change the Password Minimum Length and Maximum Length Restriction

Oxwall’s default minimum password length is 4 characters, and the default maximum password length is 15 characters.

The Issue: Weak Restrictions

A new profile was created and an attempt was made to change the password.

Message: “Please fill the form properly”

The first message received was ambiguous as all the fields were filled out.

Message: “Password should have less than 15 characters”

After clicking the “Change Password” button again, a more detailed message appeared. The new password was too long.

A check of the source code showed that the minimum length was set to 4 characters and the maximum length was set to 15 characters. Those restrictions are too weak.

The Fix: Set a new Password Minimum and Maximum Length

  1. Edit the file validator.php in the Oxwall directory /ow_utilities/
  2. Find the line const PASSWORD_MIN_LENGTH = 4; and set a new minimum length
  3. Find the line const PASSWORD_MAX_LENGTH = 15; and set a new maximum length
  4. Save the file
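
The four steps above as a script, added here as an example and not part of the original post or of Oxwall: it checks that both constants are present, keeps a validator.php.bak copy, rewrites the two values and confirms the result. The function names and the values 12 and 64 in the usage comment are illustrative assumptions; the line format is the one quoted in steps 2 and 3.

```shell
#!/bin/sh
# Added example: update the two password-length constants in validator.php.
# Assumption: the lines look like "const PASSWORD_MIN_LENGTH = 4;" as quoted above.
# Usage (run from the Oxwall root; 12 and 64 are illustrative values):
#   sh set_pw_len.sh ow_utilities/validator.php 12 64

# get_len FILE NAME -> prints the current integer value of constant NAME
get_len() {
    sed -n "s/^[[:space:]]*const[[:space:]][[:space:]]*${2}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# set_password_lengths FILE MIN MAX -> rewrites both constants, keeps FILE.bak
# Returns 2 on bad arguments, 3 if a constant is missing, 1 on I/O failure.
set_password_lengths() {
    file=$1 min=$2 max=$3
    for n in "$min" "$max"; do
        case $n in
            ''|*[!0-9]*) echo "lengths must be non-negative integers" >&2; return 2 ;;
        esac
    done
    [ "$min" -le "$max" ] || { echo "minimum exceeds maximum" >&2; return 2; }

    # Refuse to edit when either constant is absent, so a changed file layout
    # is noticed instead of silently leaving the old limits in place.
    if [ -z "$(get_len "$file" PASSWORD_MIN_LENGTH)" ] ||
       [ -z "$(get_len "$file" PASSWORD_MAX_LENGTH)" ]; then
        echo "password length constants not found in $file" >&2
        return 3
    fi

    cp -p "$file" "$file.bak" || return 1
    # Write back into the existing file so its owner and mode are preserved.
    sed -e "s/^\([[:space:]]*const[[:space:]][[:space:]]*PASSWORD_MIN_LENGTH[[:space:]]*=[[:space:]]*\)[0-9][0-9]*/\1${min}/" \
        -e "s/^\([[:space:]]*const[[:space:]][[:space:]]*PASSWORD_MAX_LENGTH[[:space:]]*=[[:space:]]*\)[0-9][0-9]*/\1${max}/" \
        "$file.bak" > "$file" || return 1

    # Confirm the file now carries the requested limits.
    [ "$(get_len "$file" PASSWORD_MIN_LENGTH)" = "$min" ] &&
    [ "$(get_len "$file" PASSWORD_MAX_LENGTH)" = "$max" ]
}

# Run only when called with FILE MIN MAX.
if [ "$#" -eq 3 ]; then
    set_password_lengths "$@"
fi
```

Because this edits a file that ships with Oxwall, re-run the check after any update that replaces validator.php.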

The Result

When a user tries to set a new password, the new restrictions will be enforced.
