phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 06:42:42 +01:00

History

epriestley 02aa193cb0 Add a common password blacklist Summary: Fixes T4143. This mitigates the "use a botnet to slowly try to login to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub. (I also donated some money to Openwall as a thanks for compiling this wordlist.) Test Plan: - Tried to register with a weak password; registered with a strong password. - Tried to set VCS password to a weak password; set VCS password to a strong password. - Tried to change password to a weak password; changed password to a strong password. Reviewers: btrahan Reviewed By: btrahan CC: aran, chad Maniphest Tasks: T4143 Differential Revision: https://secure.phabricator.com/D8048	2014-01-23 14:01:18 -08:00
..
LICENSE.txt	Add a common password blacklist	2014-01-23 14:01:18 -08:00
password.lst	Add a common password blacklist	2014-01-23 14:01:18 -08:00

epriestley 02aa193cb0 Add a common password blacklist

Summary:
Fixes T4143. This mitigates the "use a botnet to slowly try to login to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub.

(I also donated some money to Openwall as a thanks for compiling this wordlist.)

Test Plan:
  - Tried to register with a weak password; registered with a strong password.
  - Tried to set VCS password to a weak password; set VCS password to a strong password.
  - Tried to change password to a weak password; changed password to a strong password.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T4143

Differential Revision: https://secure.phabricator.com/D8048

2014-01-23 14:01:18 -08:00

LICENSE.txt

Add a common password blacklist

2014-01-23 14:01:18 -08:00

password.lst

Add a common password blacklist

2014-01-23 14:01:18 -08:00