Bug 225163 - Able to register to webqa with valid username/any password
Summary: Able to register to webqa with valid username/any password
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend   
(Show other bugs)
Version: RHN Devel
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Jesus M. Rodriguez
QA Contact: Corey Welton
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 166615
TreeView+ depends on / blocked
 
Reported: 2007-01-29 16:11 UTC by Jay Turner
Modified: 2015-01-08 00:15 UTC (History)
3 users (show)

Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-12 20:24:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jay Turner 2007-01-29 16:11:07 UTC
Description of problem:
With rhn-client-tools-0.4.8-1.el5.noarch going against webqa (as it sits at
11:00 on 29.1.2007) I'm able to register against webqa using a valid username
and any password I care to enter.

1) run rhn_register
2) at the Update Location screen, enter
"https://xmlrpc.rhn.webqa.redhat.com/XMLRPC" as the location and continue
3) enter a valid username and any password you like

Will work.

Really shouldn't work.

Comment 1 Jay Turner 2007-01-29 16:12:18 UTC
Proposing as RHEL5 blocker, as otherwise this code might make it to the live
site.  Need some sort of resolution prior to that.

Comment 2 Máirín Duffy 2007-01-29 22:25:35 UTC
may be related to bug 223515


Comment 3 Jesus M. Rodriguez 2007-02-02 02:23:13 UTC
TEST PLAN
-----------
1) ping xmlrpc.rhn.webqa.redhat.com
2) edit /etc/hosts with the following:
   <ip address from above ping> xmlrpc.rhn.redhat.com

   While this seems silly, it goes through the "hosted" code path which 
   is important to test versus the one mentioned in step 2 of original comment

3) Continue with Step 1 & 3 from Original Comment.

Comment 4 Corey Welton 2007-02-08 16:12:01 UTC
QA Verified -- can no longer login using an arbitrary password.


Comment 5 Jay Turner 2007-02-12 20:24:50 UTC
Closing out.


Note You need to log in before you can comment on or make changes to this bug.