Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FreeRadius 1.9.23: comma in password not allowed by webGUI although help text lists it as valid #4548

Open
3 tasks done
phloggu opened this issue Feb 14, 2025 · 2 comments
Open
3 tasks done

Comments

@phloggu
Copy link

phloggu commented Feb 14, 2025

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
According to the help text for setting a password for a radius user under

Services -> FreeRADIUS -> Users -> edit

the following characters are allowed: 0-9, a-z, A-Z, and ,._-!$%/()+#=
Trying to enter a password containing a comma (,) which is listed as a valid character the webGUI does mark the password field and says: "Text does not validate."

How to Reproduce
Set a password containing a comma for a FreeRADIUS user and try to save your edit.

Expected behavior
The webGUI's help listing allowed characters for a password and the corresponding check should be consistent.

@ket395
Copy link

ket395 commented Feb 14, 2025

As long as this does not complicate the code for the GUI or create an unforeseen CVE I'm ok with it.
Either way this detail should be properly documented somewhere as it's unlikely to be cause of any harm.

@phloggu
Copy link
Author

phloggu commented Feb 15, 2025

I have some passwords containing a comma saved, if I open such a user's profile, I can't change anything unless I also change the password. That's how I discovered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants