Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Server Security
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Similar to SERVER-10897, if drivers and the server don't engage in some canonicalization process for passwords, there is a strong risk for mismatches when the input device used by the end user produces a different encoding of a multi-code-point character, or a character that has multiple code point representations (a.k.a, greek capital omega and the Ohm symbol).

is related to

SERVER-10896 Enforce prohibition of embedded NULLs in role names.

Closed

related to

SERVER-10897 User and role names should be canonicalized by the server using Unicode canonicalization form NFC

Backlog

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Andy Schwerin
Participants:: [DO NOT USE] Backlog - Security Team, Andrew Morrow, Andy Schwerin, David Golden
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Sep 25 2013 04:53:12 PM UTC
Updated:: Dec 06 2022 05:17:13 AM UTC
Resolved:: Apr 13 2018 05:48:53 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates