Bug 1311936 - password security policy out of scale
password security policy out of scale
Status: CLOSED DUPLICATE of bug 1265066
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified (vote)
: ---
: ---
Assigned To: PnT DevOps Devs
Depends On:
  Show dependency treegraph
Reported: 2016-02-25 06:17 EST by hdunkel
Modified: 2016-04-13 01:22 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-29 00:53:45 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description hdunkel 2016-02-25 06:17:13 EST
Description of problem:
Could you please accept the password policy for www.redhat.com on bugzilla.redhat.com? On www.redhat.com I am managing a lot of sensitive information (subscriptions, lists of servers, etc.) and yet I am allowed to use a safe and easy to remember password. bugzilla is "just" a bugtracker readable for everyone, not a high-security bank. Its password security policy is out of scale, compared to www.

Thanx in advance
Comment 1 Jason McDonald 2016-02-25 19:57:36 EST
(In reply to hdunkel from comment #0)
> bugzilla is "just" a bugtracker readable for everyone, not a
> high-security bank.

This statement is incorrect.  In addition to the bugs that are public, Red Hat Bugzilla contains a large volume of sensitive information that Red Hat is contractually obliged to protect.

The current password policy was set after we found that a significant number of users with access to sensitive data were using passwords that could only be classified as extremely weak.
Comment 2 Jeff Fearn 2016-02-29 00:53:45 EST

*** This bug has been marked as a duplicate of bug 1265066 ***
Comment 3 hdunkel 2016-04-13 01:22:25 EDT
How about a single sign on for {www,bugzilla,etc}.redhat.com ?

Note You need to log in before you can comment on or make changes to this bug.