-
Title
Password Policy Message Does Not Exclude Special Characters -
Description
In some cases when a Password Policy is configured to exclude special characters, the exclusion itself works fine but the message presented to the user is incorrect.
In these examples the following password is used ‘Pa$$word12’
If the rule is configured to disallow special characters in positions 3-5, the condition is not met and is highlighted in red as expected.
However if the rule is configured to disallow special characters in positions 3-10, the condition is not met but it is highlighted in green implying that the rule has been met.
-
Cause
The issue appears when a range of positions are specified with the starting position being greater than 1 and the end position greater than 9, then the message that is presented to the user will be incorrect even though the password policy rule will be applied correctly. -
Resolution
Workaround 1
If the rule is configured to disallow special characters beginning with position 1 (1-10) then the message is highlighted correctly.
Workaround 2
If the rule is configured to disallow special characters in pairs of sequences (3-5, 6-9) then the message is highlighted correctly.
Workaround 3
If the rule is configured to disallow special characters individually (1,2,3,……8,9,10) then the message is highlighted correctly.
-
Change Request
701950