After setting a password in Auth0 with a length greater than 72 characters, if you try to login using that password but omit or change the characters after the 72nd character, the password will still be accepted. Was able to reproduce this bug on multiple tenants.
This was something that came up during testing. I’m aware that a password with good entropy has no need to be longer than 25 characters but thought this was odd behavior. Any ideas why this happening?