starred/SuiteCRM-SuiteCRM
1
0
Fork 0
mirror of https://github.com/SuiteCRM/SuiteCRM.git synced 2026-03-02 19:16:58 -05:00
Code Issues 1.2k Projects Packages Wiki Activity

System-generated password does not meet Password Security Settings #5283

New issue
Open
opened 2026-02-20 16:32:21 -05:00 by deekerman · 0 comments
deekerman commented 2026-02-20 16:32:21 -05:00
Owner
Copy link

Originally created by @SinergiaCRM on GitHub (Dec 5, 2024).

Issue

In Password Management, if the Enable System-Generated Passwords Feature option is enabled and a password security configuration is specified, the system-generated passwords do not meet the security requirements.

Possible Fix

The password generation function should take into account the security requirements defined in:

$sugar_config['passwordsetting']['minpwdlength']
$sugar_config['passwordsetting']['oneupper']
$sugar_config['passwordsetting']['onelower']
$sugar_config['passwordsetting']['onenumber']
$sugar_config['passwordsetting']['onespecial']

github.com/salesagility/SuiteCRM@e572230abd/modules/Users/User.php (L2266-L2286)

Steps to Reproduce the Issue

1. Go to _Password Management_
2. Check the _Enable System-Generated Passwords Feature_ option 
3. Change default _Password Security Settings_: minumum length and contain special characters
4. Create a new user 
5. Check tthat the email received by the user with the new password does not meet the defined security requirements.
...

Context

No response

Version

7.14.6

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

MySQL, PHP 8

Operating System and Version

Ubuntu 20.04

Originally created by @SinergiaCRM on GitHub (Dec 5, 2024). ### Issue In _Password Management_, if the _Enable System-Generated Passwords Feature_ option is enabled and a password security configuration is specified, the system-generated passwords do not meet the security requirements. ### Possible Fix The password generation function should take into account the security requirements defined in: ```php $sugar_config['passwordsetting']['minpwdlength'] $sugar_config['passwordsetting']['oneupper'] $sugar_config['passwordsetting']['onelower'] $sugar_config['passwordsetting']['onenumber'] $sugar_config['passwordsetting']['onespecial'] ``` https://github.com/salesagility/SuiteCRM/blob/e572230abd0dad205b24a96acce72590b20bf69d/modules/Users/User.php#L2266-L2286 ### Steps to Reproduce the Issue ```bash 1. Go to _Password Management_ 2. Check the _Enable System-Generated Passwords Feature_ option 3. Change default _Password Security Settings_: minumum length and contain special characters 4. Create a new user 5. Check tthat the email received by the user with the new password does not meet the defined security requirements. ... ``` ### Context _No response_ ### Version 7.14.6 ### What browser are you currently using? Chrome ### Browser Version _No response_ ### Environment Information MySQL, PHP 8 ### Operating System and Version Ubuntu 20.04
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
hotfix
develop
master
feature/php-8.4-compatibility
hotfix-7.14.x
next
feature/campaigns_revert
v7.15.0
v7.14.8
v7.14.7
v7.14.6
v7.14.5
v7.14.4
v7.14.3
v7.12.14
v7.14.2
v7.14.1
v7.12.13
v7.14.0
v7.14.0-beta
v7.13.4
v7.12.12
v7.12.11
v7.13.3
v7.12.10
v7.13.2
v7.12.9
v7.13.1
v7.13.0
v7.13.0-beta
v7.12.8
v7.12.7
v7.12.6
v7.12.5
v7.12.4
v7.12.3
v7.10.36
v7.12.2
v7.10.35
v7.12.1
v7.10.34
v7.11.23
v7.12.0
v7.12-rc
v7.11.22
v7.10.33
v7.11.21
v7.10.32
v7.11.20
v7.10.31
v7.11.19
v7.10.30
v8.0.0-beta.1
v7.10.29
v7.11.18
v7.11.17
v7.11.16
v7.10.28
v7.11.15
v7.10.27
v7.11.14
v7.10.26
v7.11.13
v7.10.25
v7.11.12
v7.10.24
v7.10.23
v7.11.11
v7.10.22
v7.11.10
v7.10.21
v7.11.9
v7.11.8
v7.10.20
v7.11.7
v7.10.19
v7.8.31
v7.10.18
v7.11.6
v7.11.5
v7.10.17
v7.8.30
v7.11.4
v7.10.16
v7.8.29
v7.11.3
v7.10.15
v7.8.28
v7.11.2
v7.10.14
v7.8.27
v7.11.1
v7.8.26
v7.10.13
v7.11.0
v7.10.12
v7.8.25
v7.11-rc-2
v7.11-rc
v7.10.11
v7.8.24
v7.11-beta
v7.10.10
v7.8.23
v7.10.9
v7.8.22
v7.10.8
v7.8.21
v7.10.7
v7.10.6
v7.8.20
v7.10.5
v7.8.19
v7.10.4
v7.10.3
v7.9.17
v7.8.18
v7.8.17
v7.10.2
v7.9.16
v7.8.16
7.9.15
v7.10.1
v7.10.0
v7.9.14
v7.8.15
v7.8.14
v7.9.13
v7.10-RC-2
v7.8.13
v7.9.12
v.7.9.11
v7.9.11
v7.8.12
v7.9.10
v7.8.11
v7.10-RC
v7.9.9
v7.8.10
v7.10-beta-3
v7.9.8
v7.8.9
v7.10-beta-2
v7.10-beta
v7.9.7
v7.8.8
v7.8.7
7.9.6
v7.9.5
v7.8.6
v7.9.4
v7.9.3
v7.9.2
v7.9.1
v7.8.5
v7.9.0
v7.8.4
v7.9.0-rc
v7.9.0-beta
v7.8.3
v7.8.2
v7.8.1
v7.8.0
v7.8.0-rc
v7.8.0-beta.2
v7.7.9
v7.8.0-beta
v7.7.8
v7.6.10
v7.7.7
v7.6.9
v7.7.6
v7.6.8
v7.7.5
v7.6.7
v7.7.4
v7.7.3
v7.7.2
v7.7.1
v7.7
v7.7-rc2
v7.7-rc
v7.6.6
v7.5.5
v7.6.5
v7.5.4
v7.7-beta2
v7.7-beta1
v7.6.4
v7.6.3
v7.6.2
v7.6.1
v7.6
v7.6-rc
v7.6-beta.2
v7.6-beta-1
v7.5.3
v7.5.2
v7.5.1
v7.5
v7.5-rc
v7.5-beta.2
v7.5-beta
v7.4.3
v7.4.2
v7.4.1
v7.4
v7.3.2
v7.4-rc
v7.4-beta.2
v7.4-beta
v7.3.1
v7.2.4
v7.3
v7.1.8
v7.3beta3
v7.2.3
v7.3-beta
v7.2.2
7.2.2
v7.1.7
7.1.7
v7.1.6
v7.2.1
v7.2
v7.2beta3
v7.1.5
v7.2beta2
v7.2beta
v7.1.4
v7.1.3
v7.1.2
v7.1.1
v7.1
v7.1RC2
v7.1RC
v7.1beta2
v7.1beta
v7.0.2
v7.0.1
Labels
Clear labels   
Area: API

   
Area: Campaigns

   
Area: Cases

   
Area: Clean Up

   
Area: Clean Up: Performance

   
Area: Dashlets

   
Area: Databases

   
Area: Developer Tools

   
Area: Elasticsearch

   
Area: Elasticsearch

   
Area: Emails

   
Area: Emails:Campaigns

   
Area: Emails:Cases

   
Area: Emails:Compose

   
Area: Emails:Config

   
Area: Emails:Templates

   
Area: Environment

   
Area: Installation

   
Area: Language

   
Area: Mobile

   
Area: Module

   
Area: PDFs

   
Area: PHP8

   
Area: Reports

   
Area: Studio

   
Area: Styling

   
Area: Upgrading

   
Area: Workflow

   
Area:Activity Stream

   
Area:Calls

   
Area:Import

   
Area:Projects

   
Area:Search

   
Area:Surveys

   
Area:Themes

   
Area:Users

   
Branch:Hotfix

   
Good First Issue

   
Hacktoberfest

   
Help Wanted

   
PR:Community Contribution

   
PR:Type:Enhancement

   
Priority:Critical

   
Priority:Important

   
Priority:Moderate

   
Severity: Major

   
Severity: Minor

   
Severity: Moderate

   
Status: Requires Code Review

   
Status: Requires Updates

   
Status: Stale

   
Status: Team Investigating

   
Status:Assessed

   
Status:Fix Proposed

   
Status:Needs Assessed

   
Status:Requires Automated Tests

   
Type: Bug

   
Type:Deprecated

   
Type:Discussion

   
Type:Duplicate

   
Type:Invalid

   
Type:Question

   
Type:Suggestion

   
Type:Suggestion
No labels
Area: API
Area: Campaigns
Area: Cases
Area: Clean Up
Area: Clean Up: Performance
Area: Dashlets
Area: Databases
Area: Developer Tools
Area: Elasticsearch
Area: Elasticsearch
Area: Emails
Area: Emails:Campaigns
Area: Emails:Cases
Area: Emails:Compose
Area: Emails:Config
Area: Emails:Templates
Area: Environment
Area: Installation
Area: Language
Area: Mobile
Area: Module
Area: PDFs
Area: PHP8
Area: Reports
Area: Studio
Area: Styling
Area: Upgrading
Area: Workflow
Area:Activity Stream
Area:Calls
Area:Import
Area:Projects
Area:Search
Area:Surveys
Area:Themes
Area:Users
Branch:Hotfix
Good First Issue
Hacktoberfest
Help Wanted
PR:Community Contribution
PR:Type:Enhancement
Priority:Critical
Priority:Important
Priority:Moderate
Severity: Major
Severity: Minor
Severity: Moderate
Status: Requires Code Review
Status: Requires Updates
Status: Stale
Status: Team Investigating
Status:Assessed
Status:Fix Proposed
Status:Needs Assessed
Status:Requires Automated Tests
Type: Bug
Type:Deprecated
Type:Discussion
Type:Duplicate
Type:Invalid
Type:Question
Type:Suggestion
Type:Suggestion
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/SuiteCRM-SuiteCRM#5283
No description provided.