SonarQube should warn about maximum password length as passwords are silently truncated at 50 characters

Hi everyone,

it appears that user passwords are silently truncated at 50 characters (likely the length of the database field).

I think it would make sense to validate the maximum length upon submission of the form.

Forgive me if this is a known issue. A quick search here did not bring this up and the documentation does not seem to mention it either.

Best regards,
Jan Ihrens

Hi Jan,

Welcome on the community forum!
Can you please let us know the form you are referring to?


Hi Chris,

thanks for coming back to be. I created a user from Administration > Security > Users > Create User

I used the password 123456789012345678901234567890123456789012345678901.
At this point I cannot log in with the password 123456789012345678901234567890123456789012345678901, I can however log in with 12345678901234567890123456789012345678901234567890.

This also applies to changing of a users password from /admin/users.

Our version of Sonarqube is


Hi @janihrens ,

Indeed, this is a bug. Thanks for the report. I’ve opened a ticket here.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.