Eh, I can see how it’s missed by testing. The tests probably cover testing non-compliant passwords failing and compliant passwords passing. They were probably updated at the same time the password compliance was updated.
Missing an edge case like this isn’t good, but it’s not that uncommon.
Eh, I can see how it’s missed by testing. The tests probably cover testing non-compliant passwords failing and compliant passwords passing. They were probably updated at the same time the password compliance was updated.
Missing an edge case like this isn’t good, but it’s not that uncommon.
Again, a basic code quality issue. If they missed this basic functional code issue, what else did they miss that is exploitable….