Users with 'administer users' permission skip password validation when registering users, but not when editing users. I don't see a reason for this inconsistency. If a site is enforcing a minimum password length, this should be checked both when editing and creating users. At the very least, something like the attached patch should be done.

Comments

hunmonk’s picture

Title: Register/edit password validation consistency » Admin created accounts should have password length validation
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.