Bug 1394798
Summary: | Password criteria - show message (Your password cannot contain your username) but accept anyway | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Waldirio M Pinheiro <wpinheir> | ||||||||
Component: | Users & Roles | Assignee: | Marek Hulan <mhulan> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Evgeni Golov <egolov> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 6.2.4 | CC: | bbuckingham, dhlavacd, egolov, jcallaha, rnuccite | ||||||||
Target Milestone: | Unspecified | Keywords: | Triaged | ||||||||
Target Release: | Unused | ||||||||||
Hardware: | x86_64 | ||||||||||
OS: | All | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2018-02-21 16:49:54 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Waldirio M Pinheiro
2016-11-14 13:19:23 UTC
Created attachment 1220402 [details]
password warning
Created attachment 1220403 [details]
password accepted
Created attachment 1220404 [details]
virtwho user logged
I don't think we should display such validation message. I don't think admin_kdjgdlkjgsdlkfgjdklgdslkfgjdlfkgj password would be less secure. So as a fix I'll remove the JS validation message. Created redmine issue http://projects.theforeman.org/issues/17334 from this bug Hi Marek Great. Thank you Best Regards -- Waldirio M Pinheiro | Senior Software Maintenance Engineer Upstream bug assigned to mhulan Upstream bug assigned to mhulan After more upstream discussion it turns out that the JS validation still has some value so we'll keep it but change the wording so it does not indicate it's forbidden to include username in password. The result should be in recommendation tone, e.g. "Your password should not contain your username" Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17334 has been resolved. Verified. Version Tested: Satellite-6.3 Snap 10 Trying to set the password of the user "foo" to "foo123" yields "Your password should not contain your username" → VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 |