System-generated password does not meet Password Security Settings #10591

Open
SinergiaCRM opened this issue Dec 5, 2024 · 0 comments
Labels
Area:Users Issues & PRs related to all things regarding to Users Priority:Important Issues & PRs that are important; broken functions, errors - there are workarounds Severity: Moderate Key function failed, but no or little impact Status:Fix Proposed A issue that has a PR related to it that provides a possible resolution Type: Bug Bugs within the core SuiteCRM codebase

Comments

@SinergiaCRM
Contributor

Issue

In Password Management, if the Enable System-Generated Passwords Feature option is enabled and a password security configuration is specified, the system-generated passwords do not meet the security requirements.

Possible Fix

The password generation function should take into account the security requirements defined in:

```php
$sugar_config['passwordsetting']['minpwdlength']
$sugar_config['passwordsetting']['oneupper']
$sugar_config['passwordsetting']['onelower']
$sugar_config['passwordsetting']['onenumber']
$sugar_config['passwordsetting']['onespecial']
```

```php
public static function generatePassword()
{
    $res = $GLOBALS['sugar_config']['passwordsetting'];
    $charBKT = '';
    //chars to select from
    $LOWERCASE = "abcdefghijklmnpqrstuvwxyz";
    $NUMBER = "0123456789";
    $UPPERCASE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $SPECIAL = '~!@#$%^&*()_+=-{}|';
    $condition = 0;
    $charBKT .= $UPPERCASE . $LOWERCASE . $NUMBER;
    $password = "";
    $length = '6';
    // Create random characters for the ones that doesnt have requirements
    for ($i = 0; $i < $length - $condition; $i++) { // loop and create password
        $password = $password . substr($charBKT, mt_rand() % strlen($charBKT), 1);
    }
    return $password;
}
```

Steps to Reproduce the Issue

1. Go to _Password Management_
2. Check the _Enable System-Generated Passwords Feature_ option 
3. Change default _Password Security Settings_: minimum length and contain special characters
4. Create a new user 
5. Check that the email received by the user with the new password does not meet the defined security requirements.
...

Context

No response

Version

7.14.6

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

MySQL, PHP 8

Operating System and Version

Ubuntu 20.04
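
A sketch of a generator that honours the five settings named in the issue, added here as an illustration; it is not SuiteCRM's code and not the fix proposed in the linked commit. `generatePolicyPassword()` and `meetsPolicy()` are hypothetical names, the flags are assumed to be truthy when enabled, the 6-character floor is carried over from the function quoted above, and `random_int()` (a CSPRNG) replaces `mt_rand()`.

```php
<?php
// Added example (not SuiteCRM code); function names are hypothetical.
function generatePolicyPassword(array $policy): string
{
    // Character classes keyed by the policy flag that requires them.
    $classes = [
        'oneupper'   => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        'onelower'   => 'abcdefghijklmnopqrstuvwxyz',
        'onenumber'  => '0123456789',
        'onespecial' => '~!@#$%^&*()_+=-{}|',
    ];
    $pool = $classes['oneupper'] . $classes['onelower'] . $classes['onenumber'];
    $chars = [];
    foreach ($classes as $flag => $set) {
        if (!empty($policy[$flag])) {
            // One guaranteed character per enabled requirement.
            $chars[] = $set[random_int(0, strlen($set) - 1)];
            if ($flag === 'onespecial') {
                $pool .= $set; // specials may also appear in the fill
            }
        }
    }
    // Assumption: keep the original 6-character floor when no minimum is set.
    $length = max(6, (int) ($policy['minpwdlength'] ?? 0));
    while (count($chars) < $length) {
        $chars[] = $pool[random_int(0, strlen($pool) - 1)];
    }
    // Fisher-Yates shuffle so the guaranteed characters are not always first.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// Independent check of a candidate password against the same policy array.
function meetsPolicy(string $pw, array $policy): bool
{
    return strlen($pw) >= (int) ($policy['minpwdlength'] ?? 0)
        && (empty($policy['oneupper'])   || preg_match('/[A-Z]/', $pw))
        && (empty($policy['onelower'])   || preg_match('/[a-z]/', $pw))
        && (empty($policy['onenumber'])  || preg_match('/[0-9]/', $pw))
        && (empty($policy['onespecial']) || strpbrk($pw, '~!@#$%^&*()_+=-{}|') !== false);
}

// Constructed sample policy: 12 characters, all four classes required.
$policy = ['minpwdlength' => 12, 'oneupper' => true, 'onelower' => true,
           'onenumber' => true, 'onespecial' => true];
$pw = generatePolicyPassword($policy);
var_dump(strlen($pw), meetsPolicy($pw, $policy));
```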

@SinergiaCRM SinergiaCRM added the Type: Bug Bugs within the core SuiteCRM codebase label Dec 5, 2024
jordiSTIC pushed a commit to SinergiaTIC/SuiteCRM that referenced this issue Dec 5, 2024
@johnM2401 johnM2401 added Status:Fix Proposed A issue that has a PR related to it that provides a possible resolution Priority:Important Issues & PRs that are important; broken functions, errors - there are workarounds Area:Users Issues & PRs related to all things regarding to Users Severity: Moderate Key function failed, but no or little impact labels Dec 13, 2024