Bug 1241129 - DV Installer accepts passwords which are not strong enough for vault.sh
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Data Virtualization 6
Classification: JBoss
Component: Installer
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ER4
Target Release: 6.2.0
Assignee: Emmett Underhill
QA Contact: Jan Stastny
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2015-07-08 14:07 UTC by Jan Stastny
Modified: 2016-02-10 08:54 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-10 08:54:22 UTC
Type: Bug
Embargoed:



Description Jan Stastny 2015-07-08 14:07:01 UTC
Description of problem:
The installer accepts a password that is not strong enough for vault.sh and fails during installation processing with the message:

<code>
* Error * 
JBAS015264: Password is not strong enough, it is 'MODERATE'. It should be at least 'MEDIUM'.

Exception in thread "main" org.jboss.as.domain.management.security.adduser.AddUserFailedException: JBAS015264: Password is not strong enough, it is 'MODERATE'. It should be at least 'MEDIUM'.
	at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:71)
	at org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:131)
	at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:212)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.jboss.modules.Module.run(Module.java:312)
	at org.jboss.modules.Main.main(Main.java:473)
Exit code: 1
</code>

Version-Release number of selected component (if applicable):
DV 6.2.0 ER3

How reproducible:
with specific passwords

Steps to Reproduce:
1. Start installer, create admin user, check same passwords, provide password: 'asdfasdf{123'
2. Continue to the processing phase by leaving all defaults.
3. Examine the installer processing page output for the above-mentioned error.

Actual results:
installer fails

Expected results:
decline the password as weak

Comment 1 Anne-Louise Tangring 2015-07-13 13:09:41 UTC
We need to document this.

Comment 2 Emmett Underhill 2015-08-05 16:02:40 UTC
Hi,

The jbossas password strength algorithm sometimes produces bizarre results such as this. (asdfasdf{123) is a MODERATE password yet (asdf{123) is a MEDIUM password. There's no way for the installer to change this algorithm, so I've added a new password strength checking validator that uses the same algorithm as the one in jbossas.

Passwords that will not be ranked strong enough for the installation to proceed successfully are no longer allowed (an error message is displayed in the user creation screen).

Thank you,

Emmett Underhill

Comment 3 Thomas Hauser 2015-08-06 18:32:08 UTC
This is actually fixed in the latest build. Marking as ON_QA for now.

Comment 4 Jan Stastny 2015-08-07 10:34:40 UTC
The reported problem was resolved in the ER4 build. Checked only for the reported password 'asdfasdf{123'.

