Commit graph

1 commit

Author SHA1 Message Date
54b74fb233 fix(security): enforce 128-character maximum password length
SHA-512 crypt has no 72-char truncation like bcrypt, but an unbounded
password length allows DoS via CPU exhaustion. Caps input at 128 chars
and adds unit tests for boundary conditions in checkPasswdConstraint.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-23 10:44:52 +07:00