Users with 'administer users' permission skip password validation when registering users, but not when editing users. I don't see a reason for this inconsistency. If a site is enforcing a minimum password length, this should be checked both when editing and creating users. At the very least, something like the attached patch should be done.


hunmonk’s picture

Title:Register/edit password validation consistency» Admin created accounts should have password length validation
Status:Active» Fixed

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.