Add-ons Password Tools 3.12.2

Author XenForo
Creation date Jan 1, 2021
Tags

add on password tools download add on password tools password tools password tools xenforo

Overview Updates (20) History Discussion

3.7.1 - Feature update

Jun 1, 2022

Require XenForo 2.2+, drop XF2.1 support

Actually implement cron to prune the pwned password hash cache. Old entries where already being ignored, so this will hopefully just reduce MySQL table bloat

Fix denial of service attack by preventing too long password which can trigger factorial number of brute force password checks when using Zxcvbn

Update new install option defaults to more recommend values:

Enforce password complexity for admins

Enable "Length check by default, and set the "Minimum length" to 8

Enable "Pwned password password validation" by default

3.6.5 - Bugfix update

Dec 23, 2021

Switch back to upstream bjeavons/zxcvbn-php library as it should be fully php 8.1 compatible.

More 32bit php fixes

3.6.4 - Bugfix update

Dec 11, 2021

Fix edge case where 32bit php would incorrectly report a very strong password was weak due to bad float to integer truncation.

Recommend ext-gmp (aka php-gmp) for optimized binomial calculations, which requires php 7.3+