Bug 1087936
| Summary: | [GUI] Run Once & Sysprep: entered user password is not masked | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Pavel Novotny <pnovotny> | ||||
| Component: | ovirt-engine | Assignee: | Shmuel Melamud <smelamud> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Kubica <pkubica> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 3.4.0 | CC: | gklein, lsurette, michal.skrivanek, rbalakri, Rhev-m-bugs, srevivo, ykaul | ||||
| Target Milestone: | ovirt-3.6.0-rc | ||||||
| Target Release: | 3.6.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-04-20 01:10:12 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Virt | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
it's Windows, everyone knows it's less secure! :-D Verified in 3.6.0-0.0.master.20150628172322.git3c12761.el6 |
Created attachment 886543 [details] screenshots: sysprep & cloud-init password inputs in Run Once/Initial Run Description of problem: When entering alternate credentials for a Windows VM in Run Once dialog -> Initial Run (sysprep), the password input field does not mask it at all. Version-Release number of selected component (if applicable): rhevm-3.4.0-0.13.beta3.el6ev.noarch (av6). How reproducible: 100% Steps to Reproduce: 1. Have a Windows VM and open Run Once dialog. 2. In Boot Options select to attach [sysprep] floppy. 3. In Initial Run enter following alternate credentials: User Name: administrator Password: SuperSecretPassword 4. Ask your colleague to take a look at your monitor and to guess your password. Actual results: Your colleague doesn't have much trouble to find out your password because it's displayed in plain text in the GUI! The password input field is actually <input type="text"> HTML widget. (see screenshot "runonce-sysprep-password.png" in zipped attachment) Expected results: Usually two <input type="password"> widgets are used for passwords - for entering and re-entering the password. It should be implemented the same way as it's done in Run Once / Cloud-Init dialog of Linux-based VMs. (see "runonce-cloudinit-password.png" in zipped attachment) Additional info: