While that may be true(copy/🍝), it implies that their code quality and QA process is broken and some of the most important fields/data are not being closely looked it. It certainly DOES speak to their overall security competence.
Eh, I can see how it's missed by testing. The tests probably cover testing non-compliant passwords failing and compliant passwords passing. They were probably updated at the same time the password compliance was updated.
Missing an edge case like this isn't good, but it's not that uncommon.
While that may be true(copy/🍝), it implies that their code quality and QA process is broken and some of the most important fields/data are not being closely looked it. It certainly DOES speak to their overall security competence.
Eh, I can see how it's missed by testing. The tests probably cover testing non-compliant passwords failing and compliant passwords passing. They were probably updated at the same time the password compliance was updated.
Missing an edge case like this isn't good, but it's not that uncommon.
Again, a basic code quality issue. If they missed this basic functional code issue, what else did they miss that is exploitable….