Bug #56004
closed
Retain username when entering an insecure password
Added by Michael Schams about 10 years ago.
Updated over 4 years ago.
Description
When installing TYPO3 CMS 6.2 from scratch, at the step "create user and import base data", you have the option to enter a username and a password for the initial administrator user. The username field is pre-filled with "admin".
- change "admin" to your own username (e.g. "firstname.lastname")
- use a short, insecure password
- click "continue" button
Message appears "Administrator password not good enough!" and form comes up again.
At this point, field username falls back to "admin".
However, the username was not the problem and from a usability perspective you would expect that valid data entered should remain. Therefore, the field should be pre-filled with the previously entered value (e.g. "firstname.lastname") rather than fall back to "admin".
This issue occurs in TYPO3 CMS 6.2.0beta5.
- Target version set to next-patchlevel
- Complexity set to easy
- Status changed from New to Accepted
Thought it would be an easy fix, but it took me a bit longer and I still haven't gotten it to work (due to redirect stuff in the install tool).
- Related to Feature #80793: provide configurable password policies added
- Category changed from Install Tool to Security
- Target version deleted (next-patchlevel)
- Status changed from Accepted to Needs Feedback
Hi Michael,
Please re-check if this is still an issue with TYPO3 v9+.
I have re-tested the behaviour in 9.5.13. We can close this ticket as we are now using JavaScript to verify the password strength:
typo3/sysext/install/Resources/Public/JavaScript/Modules/PasswordStrength.js
See attached screenshot-20200116-0850.png.
Using a weak/short password is reported in real-time while entering the data and the submit button remains disabled.
Therefore the username is not changed/cleared.
- Status changed from Needs Feedback to Closed
Thanks for your feedback, Michael!