Add a common password blacklist

Description

Add a common password blacklist

Summary:
Fixes T4143. This mitigates the "use a botnet to slowly try to log in to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub.

(I also donated some money to Openwall as a thanks for compiling this wordlist.)

Test Plan:

  • Tried to register with a weak password; registered with a strong password.
  • Tried to set VCS password to a weak password; set VCS password to a strong password.
  • Tried to change password to a weak password; changed password to a strong password.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T4143

Differential Revision: https://secure.phabricator.com/D8048

Details

Provenance
epriestley Authored on
epriestley Pushed on Jan 23 2014, 10:01 PM
Reviewer
btrahan
Differential Revision
D8048: Add a common password blacklist
Parents
rP1a964f71bb0d: Disable SimpleXML entity loader in Phabricator
Tasks
T4143: Add a common password blacklist