Description
When the password is null or empty, ValidateCredentials skips all validation entirely — including username validation. A misconfigured service with an empty password and a non-existent username will bypass all credential checks.
Location
src/Servy.Core/Native/NativeMethods.cs, lines 416-419
Problematic code
if (string.IsNullOrEmpty(password))
{
return;
}Severity
Warning — Validation bypass could mask misconfiguration.
Suggested fix
Validate the username exists even when the password is empty. At minimum, check that the account can be resolved.
Description
When the password is null or empty,
ValidateCredentialsskips all validation entirely — including username validation. A misconfigured service with an empty password and a non-existent username will bypass all credential checks.Location
src/Servy.Core/Native/NativeMethods.cs, lines 416-419Problematic code
Severity
Warning — Validation bypass could mask misconfiguration.
Suggested fix
Validate the username exists even when the password is empty. At minimum, check that the account can be resolved.