Clef: Lack of Password Strength Check #17631
Assignees
Labels
Comments
holiman
added a commit
to holiman/go-ethereum
that referenced
this issue
Sep 25, 2018
holiman
added a commit
that referenced
this issue
Sep 25, 2018
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see #17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes #17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes #17632 and #17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ref: NCC-EF-Clef-005
Clef does not enforce password complexity checks on newly created accounts, accepting also empty passwords.
Todo:
--devmode(or similar) to disable complexity check for when running in development modeThe text was updated successfully, but these errors were encountered: