Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exit code 1 then pass.validate password contains chars like ^ #7

Open
andreyponteleev opened this issue Feb 8, 2017 · 4 comments
Open

Exit code 1 then pass.validate password contains chars like ^ #7

andreyponteleev opened this issue Feb 8, 2017 · 4 comments

Comments

@andreyponteleev
Copy link

Exit code 1 occured while validating passwords with special chars (-^[{) inside
@andreyponteleev
Copy link
Author

andreyponteleev commented Feb 9, 2017
edited
Loading 

cmd = spawn('openssl', ['passwd', '-' + type, '-salt', salt, '-stdin']);
cmd.stdin.end(password);

this will prevent from crash openssl while "-" sign is 1st in password

also impossible to run any XSS, because no user input passed to spawn & shell

@andris9
Copy link
Owner

andris9 commented Feb 9, 2017

Would you mind creating a Pull Request?

@andreyponteleev
Copy link
Author

On next week I can do it, if needed

@kanalasumant
Copy link

kanalasumant commented Nov 11, 2017
edited
Loading

This is just the library I needed. Thanks @andris9 for this. I wanted to ask you if this issue is taken care of or should we not use pass.validate at all and assume they were hashed correctly or use other
encryption methods. I'd be using this for a production application so any input on this would be helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andris9 @andreyponteleev @kanalasumant