1332710 – password history is not updated when an admin resets the password

Bug 1332710 - password history is not updated when an admin resets the password

Summary: password history is not updated when an admin resets the password

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Noriko Hosoi
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1342614
TreeView+	depends on / blocked

Reported:	2016-05-03 21:07 UTC by Noriko Hosoi
Modified:	2020-09-13 21:43 UTC (History)
CC List:	6 users (show)
Fixed In Version:	389-ds-base-1.2.11.15-82.el6
Doc Type:	Bug Fix
Doc Text:	When a user password was reset by an administrator, the old password was previously not stored in the user's password history. This allowed the user to reuse the same password after the reset. With this update, resetting a password also stores it in password history, and the user must use a different password.
Clone Of:
Clones:	1342614 (view as bug list)
Environment:
Last Closed:	2017-03-21 10:21:39 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 1873	0	None	None	None	2020-09-13 21:43:32 UTC
Red Hat Product Errata	RHBA-2017:0667	0	normal	SHIPPED_LIVE	389-ds-base bug fix update	2017-03-21 12:35:05 UTC

Description Noriko Hosoi 2016-05-03 21:07:29 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/48813

When an admin resets a password the current password is not stored in the password history.  This incorrectly allows the user to reuse the previous password after the reset.

Comment 1 Noriko Hosoi 2016-06-02 16:15:26 UTC

Justification: From the security perspective, password reset must strictly follow the password policy.

Comment 5 Amita Sharma 2016-11-23 11:46:03 UTC

Executed upstream test ::

========================= test session starts 
platform linux2 -- Python 2.7.8, pytest-3.0.4, py-1.4.31, pluggy-0.4.0 -- /opt/rh/python27/root/usr/bin/python
cachedir: .cache
DS build: 1.2.11.15 B2016.312.1950
389-ds-base: 1.2.11.15-85.el6
nss: 3.27.1-7.el6
nspr: 4.13.1-1.el6
openldap: 2.4.40-14.el6
svrcore: 4.0.4-5.1.el6

rootdir: /export/tests, inifile: 
plugins: html-1.11.0, cov-2.4.0, beakerlib-0.6
collected 1 items 

suites/password/pwp_history_test.py::test_pwp_history_test PASSED

=== 1 passed in 38.93 seconds 

Marking bug as verified.

Comment 7 errata-xmlrpc 2017-03-21 10:21:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0667.html

Note You need to log in before you can comment on or make changes to this bug.