URGENT!!! Using Password Reset Link Disables Password Case Sensitivity

Lex Clay shared this problem 6 months ago
Completed

Hi Fishies,

Potentially a bit of a huge problem here. It appears that if you use the Forgotten Password link that takes you to .../PasswordForgotten.i4 the password you set is case insensitive.

Confirmed on 9.8.2.2.

Process: navigate to https://youryellowfin.com/PasswordForgotten.i4 & enter email address.

Click the link in the email to set your password, enter a password with upper & lowercase letters, numbers, etc.

On the login screen, type the password in all lower case. It still has to contain all the same letters, numbers & symbols in the correct order but the case sensitivity is lost.


Looks like this has been an issue since 2011!!

https://www.yellowfinbi.com/resources/forum/yfforum-disallow-changing-usernamepassword-in-user-management-thread-106264
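
The reproduction steps above can be turned into a regression check that runs against every password-setting path. This is an added example, not part of the thread and not Yellowfin code. The `ToyStore` class, its `fold_case_on_reset` flag and the case-folding fault are constructed stand-ins, since the thread does not state the root cause.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class ToyStore:
    """Constructed credential store; the fault is hypothetical, for demonstration."""
    def __init__(self, fold_case_on_reset: bool):
        self.fold_case_on_reset = fold_case_on_reset
        self.records = {}  # user -> (salt, digest, folded)

    def _store(self, user, password, folded):
        salt = os.urandom(16)
        value = password.lower() if folded else password
        self.records[user] = (salt, _hash(value, salt), folded)

    def change_password(self, user, password):
        # Normal path: the password is hashed exactly as typed.
        self._store(user, password, folded=False)

    def reset_password(self, user, password):
        # Forgotten-password path: optionally models the reported behaviour.
        self._store(user, password, folded=self.fold_case_on_reset)

    def login(self, user, attempt):
        salt, digest, folded = self.records[user]
        value = attempt.lower() if folded else attempt
        return hmac.compare_digest(_hash(value, salt), digest)

def case_variants(password):
    """Same characters in the same order, different letter case."""
    variants = {password.lower(), password.upper(), password.swapcase()}
    variants.discard(password)
    return sorted(variants)

def accepted_variants(set_password, login, user, password):
    """Set a password via one path; return every wrong-case variant that logs in."""
    set_password(user, password)
    if not login(user, password):
        raise RuntimeError("exact password was rejected")
    return [v for v in case_variants(password) if login(user, v)]

if __name__ == "__main__":
    store = ToyStore(fold_case_on_reset=True)
    for path in (store.change_password, store.reset_password):
        leaks = accepted_variants(path, store.login, "user", "Test123")
        print(path.__name__, "accepts wrong-case variants:", leaks)
```

An empty list for every path is the passing result; any entry means that path has lost case sensitivity.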

Replies (7)


Hello Lex,

Thank you for reaching out to Yellowfin Support.

Allow me some time to look into this issue. I will get back to you with my findings.

Regards,

Yamini Naidu


Hello Lex,

Could you please verify the settings under Administration-->Configuration-->Authentication-->Password settings?


Regards,

Yamini Naidu


I'm not entirely sure why that would matter in the slightest?

If the password is Test123 then TEST123 and test123 should not work, regardless of the password requirements.

Every option is selected except password must be different from last but again, it's completely and totally irrelevant to the issue at hand.


Hello Lex,

Allow me some time to investigate this internally. I will get back to you with my results.

Regards,

Yamini Naidu


Hello Lex,

I was able to replicate the problem with 9.8.2.2 and saw the identical error that you saw. 9.8.2.2 appears to have an issue with this.
When I tried the problem in 9.10, everything appears to be functioning as expected. Working fine in this version. Could you please give it a try in version 9.10, since it appears to have fixed this issue?

Below is the link to my replication in 9.10. When I entered test@123 I got an error like it should contain one upper case. Test@123 worked fine and I was able to log in.

https://ftp.yellowfin.bi/f/6b00c8fdbb870339

Let me know if I did something wrong.

Regards,

Yamini Naidu


Hello Lex,

Please let me know your availability for a call. As this seems to be a little confusing issue, I would love to jump on a call and make this clear.

Regards,

Yamini Naidu


Hi Yamini,

I am free for a call now.


Hello Lex,

Thanks for joining the call. As this seems to be a bug, allow me some time to check this further and I will get back to you with the update.

Regards,

Yamini Naidu


Hi Yamini,

Thank you for the prompt response & jumping on the call to gain clarity.

Just so you are aware, we have escalated directly with Brad Scarff & Peter Damen. This is not a reflection on your efforts, we just need to get this resolved as soon as possible.


Morning Yamini,

I just wanted to let you know that Peter has found a fix and has raised a Jira ticket for its implementation. You can close this ticket.

Many thanks for your help.


Hello Lex,

Thanks for your confirmation. I'll close this ticket now. Please feel free to contact Yellowfin Support whenever you have any concern with regards to Yellowfin, we would be happy to assist.

Best regards,

Yamini Naidu
