Password Policy - Less critical - Denial of Service - SA-CONTRIB-2018-077

Project: Password PolicyVersion: 7.x-1.x-devDate: 2018-December-05Security risk: Less critical 9∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:DefaultVulnerability: Denial of ServiceDescription: The Password Policy module makes it possible to set constraints on user passwords which disallow certain passwords.
The "digit placement" constraint is vulnerable to Denial of Service attacks if an attacker submits specially crafted passwords which can cause a site to become unresponsive.
This vulnerability is mitigated by the fact that a site must have the "digit placement" constraint enabled.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article