[ 
https://issues.apache.org/jira/browse/SYNCOPE-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò updated SYNCOPE-1337:
--------------------------------------------
    Fix Version/s: 3.0.0

> Password history policy is not enforced on salted passwords
> -----------------------------------------------------------
>
>                 Key: SYNCOPE-1337
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1337
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.9, 2.1.0
>            Reporter: Andrea Patricelli
>            Priority: Major
>             Fix For: 2.0.10, 2.1.1, 3.0.0
>
>
> # Define a password policy and set history to a value > 0 (even 1 is good).
>  # Set configuration parameter password.cipher.algorithm to a salted 
> algorithm, say SSHA512 for example.
>  # Create and user with a password.
>  # Try to edit (more times if you like, in order to populate password 
> history) user by changing the password (password management or edit wizard) 
> to the same value or a value that you are sure that is in the password 
> history (to trigger the policy). You'll see that the password is updated to 
> the already used value and the history policy is not triggered.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to