BUG #4238
opendev #4299: [SQA] : Auth module
[SQA] Create New Password: Password containing HTML/script tags fails on Sign In
Description
Module/Section: Agency → Create New Password
Profile: Agency
Issue Category: Functional
On the Create New Password page, a password containing HTML/script tags can be successfully set, but the same password fails during Sign In, resulting in an incorrect password error.
This indicates inconsistent password handling and missing input sanitization between the reset and authentication flows.
Steps to Reproduce
- Go to Forgot Password and submit an email with an existing account.
- Open the verification link and navigate to Create New Password.
- Enter S!<script>alert(1)</script> as New Password and Confirm Password.
- Submit to reset the password (success message appears).
- Go to Sign In and attempt to log in using the same email and password.
- Observe the error message.
Expected Result
Passwords containing HTML/script tags should be either:
- Rejected or sanitized consistently, or
- If accepted, should authenticate successfully after reset.
Actual Result
The password is accepted during reset but fails during Sign In, causing an incorrect password error.
Attachments
Impact Area:
Root Cause:
Additional Info
- Tested By: Aman
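A minimal model of one way this symptom can arise, added here as an example and not taken from the application's code: it assumes the reset flow HTML-escapes the password before hashing while Sign In hashes the raw input (the ticket's Root Cause field is empty, so this is an assumption). `AccountStore`, `reproduce`, the work factor and the email address are hypothetical.

```python
import hashlib
import hmac
import html
import os

ITERATIONS = 200_000  # work factor chosen for this example only


def hash_password(password: str, salt: bytes) -> bytes:
    # Hash the exact UTF-8 bytes supplied; no escaping, trimming or tag stripping.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccountStore:
    """Hypothetical in-memory stand-in for the application's account table."""

    def __init__(self, sanitize_on_reset: bool):
        self.sanitize_on_reset = sanitize_on_reset
        self.records = {}

    def reset_password(self, email: str, new_password: str) -> None:
        if self.sanitize_on_reset:
            # Assumed defect: only the reset flow HTML-escapes the value.
            new_password = html.escape(new_password)
        salt = os.urandom(16)
        self.records[email] = (salt, hash_password(new_password, salt))

    def sign_in(self, email: str, password: str) -> bool:
        salt, stored = self.records[email]
        return hmac.compare_digest(stored, hash_password(password, salt))


def reproduce(password: str, email: str = "agency@example.test") -> dict:
    buggy = AccountStore(sanitize_on_reset=True)
    buggy.reset_password(email, password)
    fixed = AccountStore(sanitize_on_reset=False)
    fixed.reset_password(email, password)
    return {
        "buggy_raw": buggy.sign_in(email, password),
        # Diagnostic: if the escaped form logs in, the reset flow altered the input.
        "buggy_escaped": buggy.sign_in(email, html.escape(password)),
        "fixed_raw": fixed.sign_in(email, password),
    }


if __name__ == "__main__":
    print(reproduce("S!<script>alert(1)</script>"))
```

A password is hashed and never rendered, so both flows can hash the raw bytes unchanged; output encoding belongs where values are displayed.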
Updated by Al Arafat Siddique 2 months ago
- Assignee changed from Ayat Rahman to Al Arafat Siddique
- Parent task set to #4242
Updated by Al Arafat Siddique 2 months ago
- Parent task changed from #4242 to #4244
Updated by Al Arafat Siddique about 2 months ago
- Assignee changed from Al Arafat Siddique to Aman Bhuiyan
Updated by Ayat Rahman about 1 month ago
- Parent task changed from #4244 to #4299
Updated by Aman Bhuiyan 15 days ago
- Assignee changed from Aman Bhuiyan to Ayat Rahman
This issue still exists.