
Excessive Password Length Causes Unhandled Error (413) in User Registration #493

Closed
1 task done
rafgpereira opened this issue Dec 18, 2024 · 2 comments

@rafgpereira

📜 Description

When attempting to register a new user with a password exceeding 102,303 characters, the system throws an unhandled error with the status code 413. This is unexpected behavior, as the system should have a clearly defined maximum password length and provide a user-friendly error message if the limit is exceeded.

Additionally, this limit of 102,303 characters is undocumented, which highlights a potential inconsistency in the system’s design. This behavior could pose risks, such as security vulnerabilities or degraded user experience.

👟 Reproduction steps

1 - Navigate to the Create Account page.
2 - In the password field, enter a string with more than 102,303 characters.
3 - Fill out the remaining required fields with valid inputs.
4 - Click on the Create Account button.
5 - See the error.

👍 Expected behavior

The system should enforce a well-defined maximum password length (e.g., 64 or 128 characters). If the user enters a password exceeding this limit, the system should:

1 - Prevent the submission of the form.
2 - Display a clear and user-friendly error message, such as:
"Password must not exceed [X] characters."
3 - Handle the input gracefully without causing unhandled errors or unexpected behavior.
4 - Document the maximum password length in the system's user guidelines or API documentation.

👎 Actual Behavior with Screenshots

When entering a password longer than 102,303 characters and attempting to create an account:

1 - The system throws an unhandled error with the status code 413.
2 - No user-friendly error message is displayed, and the registration process is halted unexpectedly.


💻 Operating system

Windows

🤖 Node Version

v20.17.0

📃 Provide any additional context for the Bug.

No response

👀 Have you spent some time to check if this bug has been raised before?

  • I checked and didn't find a similar issue

Are you willing to submit PR?

None

@egelhaus

Why do you need 102k characters for your password?

@rafgpereira
Author

> Why do you need 102k characters for your password?

It's not about needing a password with 102,000 characters. It's about ensuring that the system is robust, consistent, and capable of handling unexpected inputs correctly. A well-designed system should anticipate such scenarios and provide clear messages to the user while avoiding unpredictable behavior, like unhandled errors.

Additionally, during development, it's essential to test input limits and restrictions to identify inconsistencies and vulnerabilities. Constraints like the maximum password length must be clearly defined, documented, and validated both on the front-end and back-end.

This type of testing is crucial to ensure the system operates reliably and doesn't confuse or frustrate users, which could also expose potential security risks. My goal in reporting this bug is to contribute to making the system meet these quality standards.
