Skip to content

Commit

Permalink
[jan] SECURITY: Don't allow to login with an emtpy password.
Browse files Browse the repository at this point in the history
  • Loading branch information
@yunosh
yunosh committed Jul 6, 2015
1 parent 4d5c3ca commit e81d3d4
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
4 changes: 4 additions & 0 deletions framework/Core/lib/Horde/Core/Auth/Application.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,10 @@ public function __construct(array $params = array())
*/
public function authenticate($userId, $credentials, $login = true)
{
if (!strlen($credentials['password'])) {
return false;
}

try {
list($userId, $credentials) = $this->runHook(trim($userId), $credentials, 'preauthenticate', 'authenticate');
} catch (Horde_Auth_Exception $e) {
Expand Down
2 changes: 2 additions & 0 deletions framework/Core/package.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
</stability>
<license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
<notes>
* [jan] SECURITY: Don&apos;t allow to login with an emtpy password.
* [jan] Give administrators access to all groups, even with $conf[&apos;share&apos;][&apos;any_group&apos;] disabled.
</notes>
<contents>
Expand Down Expand Up @@ -3963,6 +3964,7 @@
<date>2015-06-11</date>
<license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
<notes>
* [jan] SECURITY: Don&apos;t allow to login with an emtpy password.
* [jan] Give administrators access to all groups, even with $conf[&apos;share&apos;][&apos;any_group&apos;] disabled.
</notes>
</release>
Expand Down

0 comments on commit e81d3d4

Please sign in to comment.