Bug in password strength meter
There is a bug in the password strength meter password level identification method in
/interface/lib/classes/validate_password.inc.php
Line 74:
} else if (length >= 7 && length <=10) {
Variables start with $. This could lead to a password incorrectly being classified as strength level 4 instead of level 3.