XenForo accepts long passwords with extra characters appended

Status: This content is read-only, or is not open for further replies.

lanbin

Guest

offline

OP
May 13, 2026
0
28

Hi,
Today I noticed a strange behavior with long passwords on my XenForo forum.

I created a very long password:

Code:

Code:

https://5d8efaa502c219c3.demo-xenforo.com/2310/index.php
name admin and password 2222nhxb?;Fwgffx*nLLc;ESAH<,r|i3g2]7:DC?)9Rugd_Y;4Q@j`>tp,CDwtt6twSazmd(UQ^:z|I(tiU,2222

Logging in with the exact password works normally. However, if I append extra characters to the end of the password, I can still log in successfully. For example, all of these passwords are accepted...

Read more

Continue reading...

Show hidden low quality content

Status: This content is read-only, or is not open for further replies.

Facebook Reddit Pinterest WhatsApp Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom