Ticket #5837 (closed defect: fixed)

Opened 5 months ago

Last modified 4 months ago

WordPress and Moveable Type import create weak password

Reported by: pishmishy Assigned to: pishmishy
Priority: high Milestone: 2.5
Component: Security Version: 2.3.3
Severity: normal Keywords: password import wordpress mt has-patch tested
Cc:

Description

wp-admin/import/mt.php and wp-admin/import/wordpress.php need to do something better than creating accounts with the password "changeme". For an import with few users it's not certain that the user will change all the new passwords, for an import with large numbers of users it could be a particularly laborious task.

Suggest generating a random password with the usual algorithm. User can have the admin change the password if needed, or run through the recovery process.

Attachments

5837.patch (2.7 kB) - added by pishmishy on 02/13/08 10:20:23.
Generates random passwords for users created by import

Change History

02/13/08 10:20:23 changed by pishmishy

  • attachment 5837.patch added.

Generates random passwords for users created by import

02/13/08 10:21:00 changed by pishmishy

  • keywords changed from password import wordpress mt to password import wordpress mt has-patch tested.

02/13/08 11:18:08 changed by ryan

Seems like a good idea to me.

02/13/08 11:19:38 changed by pishmishy

  • status changed from new to assigned.

Forget the part I mentioned about the recovery process - these users won't have e-mail addresses. The patch reflects that even if the trac description didn't =)

02/27/08 18:45:41 changed by westi

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [7065]) Generate random passwords for users created during import. Fixes #5837 props pishmishy.