Users with 'administer users' permission skip password validation when registering users, but not when editing users. I don't see a reason for this inconsistency. If a site is enforcing a minimum password length, this should be checked both when editing and creating users. At the very least, something like the attached patch should be done.

Members fund testing for the Drupal project. Drupal Association Learn more


hunmonk’s picture

Title: Register/edit password validation consistency » Admin created accounts should have password length validation
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.