#23 Password Characters too Restrictive All Versions

[Anonymous]

Originally created by: lifecyc... (code.google.com)@gmail.com

What steps will reproduce the problem?
1. Device Admin Enter Password for example with=in
2. Also applies to user share passwords
3.

What is the expected output? What do you see instead?
Expect to accept = in password. Password rejected. Please enter a valid
password! The password must have a minimum of 5 and a maximum of 8
alphanumeric chars.

What version of the product are you using? On what operating system?
1.1

Please provide any additional information below.
For Users in Sharing also get Please enter a valid password! The password
must have a minimum of 5 and a maximum of 14 alphanumeric chars. Why 5-8
Characters for web login and 5 -14 for User Shares? Why not 5-14 for admin
web login?

[Anonymous]

Originally posted by: dgazi... (code.google.com)@gmail.com

This was done to avoid bugs on early haserl script processor and kept this way onto
advanced versions. This is not needed anymore.

Issue accepted to allow wider range of characters and consistent limits for
passwords. Next version will reflect it.

Labels: -Type-Defect Type-Enhancement
Status: Started

[Anonymous]

Originally posted by: arionkra... (code.google.com)@gmail.com

Password length limitation is really... limiting..

I successfully fooled the javascript validation so I could set a longer password (13 characters long, indeed).

1. Install Firebug add-on for Firefox
2. Open password changing page ("My NAS >> Device >> Admin")
3. Click Firefox's menu Tools >> Firebug >> Open Firebug (or simply F12, or click the button on status bar)
4. On Firebug, click on the second icon, it's a blue cursor inside a box (it's the element inspector)
5. Click on page button named "Apply"
6. You should see the following line:

<form onsubmit="return validatePass(this.pass1.value, this.pass2.value);" method="POST" action="/cgi-bin/admin.cgi">

7. Click on it, change to the following line and hit Enter (note you only change a small part of the line):

<form onsubmit="return true;" method="POST" action="/cgi-bin/admin.cgi">

8. What you did is making the fields' validation (which limit to 8 characters) always return true.

9. Make sure you enter the same password on both "New password" and "Repeat password" fields, as validation will now be bypassed and won't check if they're equal (thus, if you mistyped your password on "New password" field, ).
I personally typed my password on address bar, checked, and copied it to both fields with Ctrl-C + Ctrl-V.

10. Click "Apply", and voilà.

PS: If you reload ou reopen the page later, you will have to repeat the whole process to set passwords longer than 8 characters.

PS2: I don't know the length limitation, but I see no reason it would not be possible to set a longer password, or a password containing special characters. You should take it easy, thought. You are at your on risk.

[Anonymous]

Originally posted by: meguer... (code.google.com)@gmail.com

https://code.google.com/p/snake-os/issues/detail?id=100 (Snake OS V1.3.2)