You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Location:lib/Service/SoftwareCatalogue/ContactPersonHandler.php line 466
Description:
New user accounts are created with a 12-character randomly generated password. The character set used may not satisfy the Nextcloud password policy (which by default requires uppercase, lowercase, digit, and special character). When IUserManager::createUser rejects the password for policy non-compliance, the method throws an exception that surfaces as a generic HTTP 500 to the caller, with no actionable error message.
Suggested fix:
Generate passwords that explicitly satisfy NC's IPasswordPolicy constraints, or use NC's built-in password generator utility if available, to ensure reliable account creation regardless of instance password policy configuration.
Severity: LOW
Location:
lib/Service/SoftwareCatalogue/ContactPersonHandler.phpline 466Description:
New user accounts are created with a 12-character randomly generated password. The character set used may not satisfy the Nextcloud password policy (which by default requires uppercase, lowercase, digit, and special character). When
IUserManager::createUserrejects the password for policy non-compliance, the method throws an exception that surfaces as a generic HTTP 500 to the caller, with no actionable error message.Suggested fix:
Generate passwords that explicitly satisfy NC's
IPasswordPolicyconstraints, or use NC's built-in password generator utility if available, to ensure reliable account creation regardless of instance password policy configuration.Source: deep team-reviewer pass 2026-05-27