CloudManager Password Restrictions

colinbowerncolinbowern Member Posts: 8
edited December 2016 in CloudManager

I went to update a password and the randomly generated one had an ampersand (&) in it. Then I got this message:

Change Password may contain letters, numbers, and the following special characters: $@^`|%;.~()/{}:?[]=-+_#!

The credential handling approach for CloudManager needs a review. There should be NO reason for filtering characters in a password if you are doing it right.

Please pass on the OWASP Password Storage Cheat Sheet to the development team. Then sign them up for PluralSight to watch the development security videos. Especially given that this is cloud connected network infrastructure I expect the security practices around it to be nothing less than excellent.

Tagged:
Sign In or Register to comment.