Severity 3 - Minor
External users registering through an Ideation external link can create passwords with no password strength policy enforced; only a 50-character limit is enforced.
However, password policies are enforced when a password reset is initiated by an external user.
The same password policies that apply during password reset need to be applied at the point of registration.
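One way to keep the two flows from drifting apart, shown as an added example that is not the product's own code: registration and reset both write credentials through a single server-side function that checks the policy. The rules are the ones this report lists (minimum 8 characters, at least 1 numeric value, at least 1 uppercase value, 50-character limit); the function names and the in-memory `store` are assumptions.

```python
import hashlib
import os

# Rules taken from this report; the product's real policy may include more.
MIN_LENGTH, MAX_LENGTH = 8, 50


class PasswordRejected(ValueError):
    """Raised with the list of rules the candidate password breaks."""
    def __init__(self, problems):
        super().__init__("password rejected: " + "; ".join(problems))
        self.problems = problems


def policy_violations(password):
    """Return every rule the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"minimum length of {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"maximum length of {MAX_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("at least 1 numeric value")
    if not any(c.isupper() for c in password):
        problems.append("at least 1 uppercase value")
    return problems


def _set_password(store, email, password):
    """Single server-side path that writes a credential, so no flow skips the policy."""
    problems = policy_violations(password)
    if problems:
        raise PasswordRejected(problems)
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    store[email] = (salt, digest)  # store: hypothetical in-memory user table


def register_external_user(store, email, password):
    """Registration via the external link: same check as reset."""
    if email in store:
        raise ValueError("email already registered")
    _set_password(store, email, password)


def reset_password(store, email, new_password):
    """Password reset: delegates to the same checked path."""
    if email not in store:
        raise KeyError(email)
    _set_password(store, email, new_password)
```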
Steps to Reproduce
- As a Super Admin, browse to Ideation, set up any Ideation Group, then make it public
- Copy its External Link
- Launch a new incognito browser window or tab
- Browse to External Link
- Click Register
- Fill in all required details including desired password
- Use a password with no alphanumeric combination or special characters, e.g. "mypass"
Expected Results
User registration fails because the password entered does not pass validation against rules such as:
- minimum length of 8 characters
- at least 1 numeric value
- at least 1 uppercase value
Actual Results
User registration is completed successfully
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.