In DLP version 12.0 and prior, administrators can bypass the reset on their passwords to strong versions
search cancel

In DLP version 12.0 and prior, administrators can bypass the reset on their passwords to strong versions

book

Article ID: 161360

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

When enabling strong password enforcement in DLP versions 12.0 and prior, administrators are able to specify existing weak password in the password update dialogue without error, allowing them to continue to use the weak password.

Resolution

Symantec implemented a fix for this in DLP 12.5. It is strongly recommended that customers upgrade to this build to address this vulnerability.