Apparently some security company decompiled and audited VM's JavaScript code on the login pages. There's a section that not only assesses password strength based on a number of metrics, but also applies a 'bad word' filter to the passwords, not allowing certain words, or words containing certain words.
http://www.theregister.co.uk/2014/09...rom_passwords/
The general consensus for applying any form of word filter from a password input is that the passwords are sent and stored in plaintext, and a CSR seeing a defamatory word might get upset.
I tend to agree with this point of view; I can't see any other reason for applying a wordlist filter on the use of 'bad words' on someone's password that should be hashed and stored as a monodirectional hash.
Just wondering if anyone here has any comments on this report?