Page MenuHomePhabricator
Create Task
Maniphest T11507

Disallow identical usernames and passwords
Closed, ResolvedPublic
Actions

Description

Author: mcdevitd

Description:
There seem to be a substantial number of accounts that have registered with
obvious passwords, the same as their usernames. Recently, vandals have been
hijacking dormant accounts like this to vandalize and evade blocks. This is a
serious security threat since 1) it means vandals can get around any account
creation blocks by using old accounts created on other IPs, and 2) we are forced
to block compromised dormant accounts that are use for vandalism, even if they
have prior edit histories. The software should prevent such unsafe passwords.

Version: unspecified
Severity: normal

Details

Reference
bz9507

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:40 PM
bzimport added a project: MediaWiki-General.
bzimport set Reference to bz9507.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Apr 5 2007, 9:29 PM
bzimport added a comment.Apr 6 2007, 12:34 AM

ayg wrote:

*** This bug has been marked as a duplicate of 3348 ***

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits