Topic: | Password policy misconfiguration results in blank password from password reset |
Severity: | Minor |
Versions affected: | 2.1 to 2.1.2+, 2.0 to 2.0.5+, 1.9 to 1.9.14+ |
Reported by: | Stephen Mc Guinness |
Issue no.: | MDL-29893 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=e079e82c087becf06d902089d14f3f76686bde19 |
Workaround: | Do not set password policy length values to zero |
Description:
When password policy length values (length of password, digits, lowercase letters, etc.) are set to zero, an empty password can be entered, but then it is not possible to change this password.