Page MenuHomePhabricator
Create Task
Maniphest T58002

Users getting generic message when resetting password to compromised hash, instead of recycled message
Closed, ResolvedPublic
Actions

Description

Bug in the hook causes users to get a generic message about an extension aborting their password reset, instead of telling them that they were prevented from the change because they were resetting their password to one that matched the hashes that were potentially compromised.

Version: wmf-deployment
Severity: normal

Details

Reference
bz56002

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:23 AM
bzimport added a project: WMF-General-or-Unknown.
bzimport set Reference to bz56002.
csteipp created this task.Oct 22 2013, 4:44 PM
gerritbot added a comment.Oct 22 2013, 4:45 PM

Change 91199 had a related patch set uploaded by CSteipp:
Fix error message for recycled passwords

https://gerrit.wikimedia.org/r/91199

gerritbot added a comment.Oct 22 2013, 9:58 PM

Change 91199 merged by jenkins-bot:
Fix error message for recycled passwords

https://gerrit.wikimedia.org/r/91199

Aklapper added a comment.Oct 25 2013, 11:50 AM

Patch merged - Is more work needed, or can this be closed as RESOLVED FIXED?

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL