Bug with already used passwords in Lotus Notes 8.0.2
If you have “password checking” enabled and/or use a password policy in your Domino environment, Lotus Notes remembers (by default) the last 50 passwords you used to protect the Notes ID file and if you try to use one of these passwords you will get the error “You have used this password before. Please choose a new one“.
So far so good, but….
…in Lotus Notes 8.0.2 there is a reproducible bug with this function.
It doesn´t matter whether you use a completely new password or a already used one, you will always get the ”Your password change succeeded!”
message, instead of getting a warning that you used the password before and that the password change failed. This can be quite confusing for a user who changed his password because of a policy and cannot login the next day, because he didn´t really change his password.
In Version 8.5 it seems to be fixed and IBM is aware about this bug, but I could not find any technote yet.
3 comments July 2nd, 2009
3 Comments Add your own
1. Tzahi | July 2nd, 2009 at 14:11
I saw it happen in 8.5 when I configured the ID Vault.
The security policy that’s created allow users to put their old password after reseting
What I did is to merge the current security with the ID vault security to fix it
I do not know if it is your case but just heads up on ID vault.
2. dennis ruddigkeit | July 2nd, 2009 at 16:00
Without using ID vault it´s not a bug in 8.5 anymore. With ID vault – I don´t know ;-)
3. Lotus Notes 8.0.2 May Con&hellip | July 3rd, 2009 at 1:05
[...] to Ruddigkeit.net, if you have “password checking” enabled or use a password policy in Domino, Lotus [...]
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed