[ https://issues.apache.org/jira/browse/SYNCOPE-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò reassigned SYNCOPE-1337:
-----------------------------------------------

    Assignee: Francesco Chicchiriccò

> Password history policy is not enforced on salted passwords
> -----------------------------------------------------------
>
> Key: SYNCOPE-1337
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1337
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.9, 2.1.0
> Reporter: Andrea Patricelli
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 2.0.10, 2.1.1, 3.0.0
>
>
> # Define a password policy and set history to a value > 0 (even 1 is good).
> # Set configuration parameter password.cipher.algorithm to a salted
> algorithm, say SSHA512 for example.
> # Create a user with a password.
> # Try to edit the user (several times if you like, in order to populate the
> password history) by changing the password (password management or edit
> wizard) to the same value or to a value that you are sure is in the password
> history (to trigger the policy). You'll see that the password is updated to
> the already used value and the history policy is not triggered.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
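Added example, not Syncope's code and not part of the original message: one way a history check can stop working once the cipher algorithm is salted, next to a check that still works. It assumes the failing check re-hashes the new password and compares the result with the stored values; the LDAP-style SSHA512 layout, the salt size and every function name here are assumptions made for the sketch.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 8  # assumed salt size for this sketch


def ssha512(password, salt=None):
    """LDAP-style salted SHA-512: base64(SHA512(password + salt) + salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return base64.b64encode(digest + salt).decode()


def verify(password, stored):
    """Recover the salt from the stored value, re-hash, compare in constant time."""
    raw = base64.b64decode(stored)
    digest, salt = raw[:64], raw[64:]  # SHA-512 digest is 64 bytes
    candidate = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def in_history_by_equality(new_password, history):
    """Flawed check: a fresh random salt means the encoding never repeats."""
    return ssha512(new_password) in history


def in_history_by_verify(new_password, history):
    """Working check: test the candidate against each entry with that entry's salt."""
    return any(verify(new_password, old) for old in history)


def change_password(new_password, history, check, keep=1):
    """Reject reuse according to `check`; otherwise store the new hash."""
    if check(new_password, history):
        return False
    history.append(ssha512(new_password))
    del history[:-(keep + 1)]  # current value plus `keep` previous ones
    return True


if __name__ == "__main__":
    for check in (in_history_by_equality, in_history_by_verify):
        history = [ssha512("Password123")]  # constructed sample: one stored password
        accepted = change_password("Password123", history, check)
        print(check.__name__, "accepts reuse:", accepted)
```

With an unsalted digest both checks agree, which is why this kind of defect only shows up after switching to a salted algorithm.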