
Description

The "login_cpw.do" page accepts a submission in which the Current Password, New Password and Confirm New Password fields all contain the same value.

Steps to Reproduce

 

  1. Log in to an instance.
  2. Set the user's profile to have "Password needs reset" checked (Password needs reset = true).
  3. Log out.
  4. Log in as the user.
  5. Click Login; the browser is redirected to https://<instance_name>.service-now.com/nav_to.do?uri=/login_cpw.do
  6. Enter the values for Current Password, New Password, Confirm New Password.
  7. Validation is applied, and a valid password must be entered.
  8. Once done, as the user,
  9. Enter the same value in the Current Password, New Password and Confirm New Password fields.
  10. Click Submit.

    No error is thrown, and the same password value is accepted.

Workaround

Add the following code to the ValidatePasswordStronger installation exit, after line 10.
https://<INSTANCE_NAME>.service-now.com/nav_to.do?uri=sys_installation_exit.do?sys_id=45c28b420a0a0b840009e5cf4a185462 

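// Read the value submitted in the Current Password field
var current_password = request.getParameter("user_password_current");
// Reject the change when the new password equals the current one
if (user_password == current_password) {
    gs.addErrorMessage("The new password must be different from the current password");
    return false;
}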


Related Problem: PRB1252621
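
The workaround's comparison can be exercised outside an instance. The harness below is an added example, not ServiceNow code or part of the original article: makeRequest() and makeGs() are hypothetical stand-ins for the platform's request and gs objects, the sample passwords are constructed, and refusing a submission with no current-password field is a choice made in this example.

```javascript
// Added example, not ServiceNow code. makeRequest() and makeGs() are
// hypothetical stand-ins for the platform's `request` and `gs` objects.
function makeRequest(fields) {
  return { getParameter: (name) => (name in fields ? fields[name] : null) };
}

function makeGs() {
  const errors = [];
  return { errors, addErrorMessage: (msg) => errors.push(msg) };
}

// The workaround's check as a function. user_password is the new password,
// which the installation exit already holds in a variable of that name.
function rejectReusedPassword(user_password, request, gs) {
  const current_password = request.getParameter("user_password_current");
  // Choice made in this example: without the current-password field the
  // comparison cannot be made, so the change is refused.
  if (current_password === null) {
    gs.addErrorMessage("Current password is required");
    return false;
  }
  if (String(user_password) === String(current_password)) {
    gs.addErrorMessage("The new password must be different from the current password");
    return false;
  }
  return true;
}

// Constructed submissions: [label, current password field, new password]
const CASES = [
  ["reused", "Spring2018!", "Spring2018!"],
  ["changed", "Spring2018!", "Autumn2018!"],
  ["case differs", "Spring2018!", "spring2018!"],
  ["current missing", undefined, "Autumn2018!"],
];

function runCases() {
  return CASES.map(([label, current, next]) => {
    const fields = current === undefined ? {} : { user_password_current: current };
    const gs = makeGs();
    const accepted = rejectReusedPassword(next, makeRequest(fields), gs);
    return { label, accepted, errors: gs.errors };
  });
}

console.log(runCases());
```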

Article Information

Last Updated: 2018-03-22 07:18:51
Published: 2018-03-09