4 matches found
GHSA-5C3F-6486-3G7G Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES
Summary Password-reset tokens are generated using conf.Auth.ActivateCodeLives the account-activation lifetime, not conf.Auth.ResetPasswordCodeLives. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification time, making...
ZSQL: Password Lifetime
The PASSWORDLIFETIME parameter specifies the number of days the same password can be used. The default value is 180 days. After the configuration, the system provides a password grace period after the password validity period expires. In this case, you need to change the password before the...
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory...
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory...