ACP2E-4044: [QUANS]Admin Password Policy Does Not Meet PCI DSS 4.0 Compliance (Minimum 12 Characters)

thiaramus · thiaramus · commit 42e386662516 · 2025-08-07T10:18:33.000-05:00
diff --git a/app/code/Magento/User/Model/UserValidationRules.php b/app/code/Magento/User/Model/UserValidationRules.php
@@ -53,7 +53,9 @@ public function __construct(?ScopeConfigInterface $scopeConfig = null)
      */
     private function getMinimumPasswordLength(): int
     {
-        $configValue = $this->scopeConfig->getValue(self::XML_PATH_MINIMUM_PASSWORD_LENGTH);
+        $configValue = $this->scopeConfig ?
+            $this->scopeConfig->getValue(self::XML_PATH_MINIMUM_PASSWORD_LENGTH) : null;
+
         return $configValue ? (int) $configValue : self::MIN_PASSWORD_LENGTH;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,9 @@ public function __construct(?ScopeConfigInterface $scopeConfig = null)`
`53`	`53`	`*/`
`54`	`54`	`private function getMinimumPasswordLength(): int`
`55`	`55`	`{`
`56`		`- $configValue = $this->scopeConfig->getValue(self::XML_PATH_MINIMUM_PASSWORD_LENGTH);`
	`56`	`+ $configValue = $this->scopeConfig ?`
	`57`	`+ $this->scopeConfig->getValue(self::XML_PATH_MINIMUM_PASSWORD_LENGTH) : null;`
	`58`	`+`
`57`	`59`	`return $configValue ? (int) $configValue : self::MIN_PASSWORD_LENGTH;`
`58`	`60`	`}`
`59`	`61`