x/crypto/bcrypt: GenerateFromPassword returns nil error on empty password #42230
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
I just found out that if I use nil slice or empty string to generate bcrypt hash, bcrypt will simply generate one without complaining. I would expect to get error but nope, I just get a real hash. This bit me while creating API layer and my front-end did not properly map fields and I was getting empty passwords but all requests just passed so I ended up with new users in db with random passwords. Luckily it was just testing in development.
Example
https://play.golang.org/p/DBnWUjn0YPX
The text was updated successfully, but these errors were encountered: