15
msdsk
3y

Registering a new account for microsoft teams:
`Your password cannot contain a space, &# characters combination, or the following characters: < >`

Are they storing the passwords in plain text? Are they not sanitizing the input? Why the fuck would they care if I put motherfucking emojis in my password? What the fuck are you doing to the passwords, Microsoft? TELL ME.

Comments
  • 3
    Maybe their infra is fucked and they pass the password through sanitization before hashing and so passwords like <html> would either get rejected by the sanitizer or get silently changed to &lthtml&gt and you wouldn't be able to login and wouldn't know why

    That's my guess. I doubt a tech giant like MS is storing it in plaintext, especially since they do use oAuth property, eveb though customized. So best guess is that It's an edge case they couldn't bother to patch
  • 5
    But " &#<>" is my favourite password
  • 2
    There was a leak so... Something' was not sane :)
  • 3
    Unfortunately, it’s not only MS. There are insane password rules everywhere. On top of that shit, we have also "security questions". 😩
Add Comment