When an illegale_value (sic) type exception is thrown due to an unacceptable choice of password (e.g. too simple) the entered password is shown verbatim as part of the error message, e.g. during initial registration:
secret is illegale value for pw1
(The typo and slightly broken English come that way in the original dictionary, btw.)
Displaying the entered password literally should be avoided as is the case elsewhere in SimpleSAMLphp and selfregister.
When an
illegale_value(sic) type exception is thrown due to an unacceptable choice of password (e.g. too simple) the entered password is shown verbatim as part of the error message, e.g. during initial registration:(The typo and slightly broken English come that way in the original dictionary, btw.)
Displaying the entered password literally should be avoided as is the case elsewhere in SimpleSAMLphp and selfregister.