XWiki does not accept new password during password reset

ThomasS · February 19, 2024, 8:30am

Hi all,
hopefully someone can assist during the issue I’m currently facing with our XWiki.
When trying to do a password reset the process is working until setting a new password. As long as the password rule for " REQUIRE AT LEAST ONE SYMBOL CHARACTER IN THE PASSWORD" is deactivated the hole process of doing a password reset is working fine. But if symbol characters are required also an trying to set a password e.g. including a ! or @ signs xwiki states: “The provided password is not compliant with the password security rules.”

Does anyone have an idea?

I appreciate any support. Thanks

surli · February 19, 2024, 9:09am

Hi,

thanks for the report I opened Loading... as I’m apparently seeing a bug when testing the mechanism in a unit test.
Could you just tell me which version of XWiki you’re using? And also do you confirm that the issue only reproduces if you select only the rule to have one symbol: i.e. when you have multiple rules selected including the one for symbol does it reproduce too?

ThomasS · February 19, 2024, 11:41am

Hi,
many thanks for the quick response.

the Version we use is XWiki 15.10.4
I can reproduce the issue when selecting “REQUIRE AT LEAST ONE SYMBOL CHARACTER IN THE PASSWORD” as password rule only and also when several requirements are activated.
Maybe interesting point: When “REQUIRE AT LEAST ONE SYMBOL CHARACTER IN THE PASSWORD” isn’t active and doing a password reset symbols are possible to use in a new password.

For me it seems to be an issue in recognizing valid symbols…

If you need more information just let me know please.
Regards, Thomas

ThomasS · February 28, 2024, 8:55am

The issue has been resolved while updating to version 16.1.0.
Thanks for your assistance.