Input sanitizing and checking is important but must be done right...
OK, we have a special situation.
An app on iPadOS must be used with credentials that are separate from AD/LDAP.
This app checks the submitted username and password against its database.
The password policy expects a length of at least 8 chars (max 16 chars); the password must have at least one capital letter, one small letter, a number and one of 10 defined specific chars.
Works as desired.
But there's a catch.
Exclamation marks are in the array of defined specific chars.
If the password ends with two exclamation marks ("!!"), something goes wrong: all logins are denied because of a wrong combination of user & password.
This use case wasn't part of the testing rules until now...
Loglevel now set to full...
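
A round-trip test that would cover this use case, as an added example (not code from the app in this post): every password the policy accepts is set and then used to log in, with each special char single and doubled at the start, middle and end. The special-char set, the `ReferenceStore` stand-in and the `SanitizingStore` fault are constructed assumptions, and the fault is an illustration only, not the cause found in the app.

```python
import hashlib, hmac, itertools, os

# Assumption: the post does not list its 10 special chars; this set is constructed.
SPECIALS = "!#$%&*+-=?"
MIN_LEN, MAX_LEN = 8, 16

def policy_ok(pw):
    """Policy from the post: 8-16 chars, capital, small letter, number, one special."""
    classes = (str.isupper, str.islower, str.isdigit, lambda c: c in SPECIALS)
    return MIN_LEN <= len(pw) <= MAX_LEN and all(any(f(c) for c in pw) for f in classes)

def edge_case_passwords():
    """Policy-valid passwords with every special char, single and doubled, in 3 positions."""
    base = "Abcdef12"
    for ch, n in itertools.product(SPECIALS, (1, 2)):
        run = ch * n
        yield from (run + base, base[:4] + run + base[4:], base + run)

class ReferenceStore:
    """Stand-in credential store: salted PBKDF2 over the exact bytes, nothing rewritten."""
    ITERATIONS = 2_000  # kept low so the demo runs quickly; not a production setting
    def __init__(self):
        self._db = {}
    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, self.ITERATIONS)
    def set_password(self, user, pw):
        salt = os.urandom(16)
        self._db[user] = (salt, self._hash(pw, salt))
    def login(self, user, pw):
        salt, digest = self._db.get(user, (b"", b""))
        return hmac.compare_digest(digest, self._hash(pw, salt))

class SanitizingStore(ReferenceStore):
    """Constructed fault: login collapses doubled specials, set_password does not."""
    def login(self, user, pw):
        for ch in SPECIALS:
            pw = pw.replace(ch * 2, ch)
        return super().login(user, pw)

def round_trip_failures(store, passwords):
    """Return policy-valid passwords that cannot log in right after being set."""
    failed = []
    for pw in passwords:
        assert policy_ok(pw), pw
        store.set_password("tester", pw)
        if not store.login("tester", pw):
            failed.append(pw)
    return failed

if __name__ == "__main__":
    print(round_trip_failures(SanitizingStore(), edge_case_passwords()))
```

Pointing `round_trip_failures` at the real set-password and login paths (through whatever test interface the app offers) turns the "ends with !!" case into a standing regression test.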