Clone this repository to public/Customizing/global/plugins/Services/UIComponent/UserInterfaceHook/CompromisedPasswordChecker
Install the Composer dependencies
cd public/Customizing/global/plugins/Services/UIComponent/UserInterfaceHook/CompromisedPasswordChecker
composer install --no-dev
Developers MUST omit the --no-dev argument.
Log in to ILIAS with an administrator account (e.g. root)
Select Plugins in Extending ILIAS inside the Administration main menu.
Search for the CompromisedPasswordChecker plugin in the list of plugins and choose Install from the Actions drop-down.
Choose Activate from the Actions drop-down.
Supported forms/views
Changing password after initial user creation.
Changing password through user profile settings.
Usage
Open the plugin configuration and switch to the Password-Lists tab.
Switch to the Upload sub-tab.
Choose between the available options, fill out the form and submit it.
You will be redirected back to the Overview sub-tab and a new password list will be available in the table.
Activate the new password-list.
If a user enters a password into a password field on the platform, the entered password will be checked against all activated password-lists.
If the password is found in a list, the password is denied and the user is shown an error message.
Notes
Note that the passwords in the password lists are stored as plain text.
Since these passwords are considered "insecure", the plugin does not act as a service for other applications to determine whether a password is insecure (like HIBP),
and these passwords don't leave ILIAS, this approach should be considered "acceptable".
It may be wise in the future to secure these passwords better.
This would require a migration to move plain text passwords to a more secure (encrypted) approach.
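One possible shape for the migration mentioned in the notes, as an added example that is not the plugin's own code: it swaps in keyed digests (HMAC-SHA-256) instead of the encryption the notes mention, so list entries can still be matched without being kept in readable form. The class name DigestPasswordList and its methods are hypothetical, and the key is assumed to be stored outside the database that holds the digests.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of the plugin): holds a compromised-password
// list as HMAC-SHA-256 digests instead of plain text. Requires PHP 8.0+.
final class DigestPasswordList
{
    /** @var array<string, true> hex digest => true */
    private array $digests = [];

    public function __construct(private string $key)
    {
        if (strlen($key) < 32) {
            throw new InvalidArgumentException('Key must be at least 32 bytes.');
        }
    }

    private function digest(string $password): string
    {
        // Keyed hash: without the key, a stored digest cannot be tested
        // against guesses offline.
        return hash_hmac('sha256', $password, $this->key);
    }

    /** Migration step: import a plain-text list, one password per line. */
    public function importPlainText(string $contents): int
    {
        $added = 0;
        foreach (preg_split('/\r\n|\r|\n/', $contents) as $line) {
            if ($line === '') {
                continue; // skip blank lines; other whitespace is kept as-is
            }
            $d = $this->digest($line);
            if (!isset($this->digests[$d])) {
                $this->digests[$d] = true;
                $added++;
            }
        }
        return $added;
    }

    /** Check an entered password against the digests only. */
    public function isCompromised(string $password): bool
    {
        return isset($this->digests[$this->digest($password)]);
    }
}

// Constructed sample input: mixed line endings, a blank line and a duplicate.
$list = new DigestPasswordList(random_bytes(32));
$imported = $list->importPlainText("123456\npassword\r\nqwerty\n\n123456\n");
var_dump($imported, $list->isCompromised('password'), $list->isCompromised('not-on-the-list'));
```

After such a migration the plain-text copies can be deleted, at the cost that the list can no longer be displayed or exported in readable form.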