Error: Password cannot be blank

Thanks David

That's done the trick for me too.

Dave and/or Tim. Would you be able to chip in and let us know if this has any other repursions, security wise?

Also, any idea why it's an issue on some sites and not all? I've not done an extensive test, and it could be a coincidence, but the site with the error is the only site I have running with 3.75.

EDIT. I updated from 3.74 to 3.75 on the 27 December, and we didn't have any issues until today. It was working fine around 8-9pm (GMT) yesterday. Error first noticed around 7am today.

Hi All, 

We wanted to follow up with anyone else with this issue.  

We found the cause: when a user logs in, it automatically checks for any plaintext passwords in the database and encrypts them.  However, it wasn't coded to accept an empty 0-byte string.  This can happen if you import a user from another system or create a user account in a separate table and don't set the password.

David's temporary fix of commenting out the "Password cannot be blank" will work, and we've fixed this for the next version.

Logging in without specifying a password is impossible, so it's completely secure in every case.  

We often have multiple levels of safety checking, and in this case, we had one too many for the situation.

Thanks all!

Thanks everyone.