Yeah. Security issues should be reported in private, not in public like I did here. But I decided to do it in public because I have my doubts about it being seriously taken unless done this way. This bug is probably as old as time and common knowledge among many users.
Severity is not high since most of password strength is retained. It would make password cracking easier though. Not an expert level thing, just a noobish implementation. It should be very easy to spot and fix after a quick look to code.
Severity is not high since most of password strength is retained. It would make password cracking easier though. Not an expert level thing, just a noobish implementation. It should be very easy to spot and fix after a quick look to code.