First Last Prev Next    This bug is not in your last search results.
Bug 225163 - Able to register to webqa with valid username/any password
Able to register to webqa with valid username/any password
Status: CLOSED CURRENTRELEASE
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend (Show other bugs)
RHN Devel
All Linux
high Severity high
: ---
: ---
Assigned To: Jesus M. Rodriguez
Corey Welton
:
Depends On:
Blocks: 166615
  Show dependency treegraph
 
Reported: 2007-01-29 11:11 EST by Jay Turner
Modified: 2015-01-07 19:15 EST (History)
3 users (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-12 15:24:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jay Turner 2007-01-29 11:11:07 EST 
Description of problem:
With rhn-client-tools-0.4.8-1.el5.noarch going against webqa (as it sits at
11:00 on 29.1.2007) I'm able to register against webqa using a valid username
and any password I care to enter.

1) run rhn_register
2) at the Update Location screen, enter
"https://xmlrpc.rhn.webqa.redhat.com/XMLRPC" as the location and continue
3) enter a valid username and any password you like

Will work.

Really shouldn't work.
Comment 1 Jay Turner 2007-01-29 11:12:18 EST 
Proposing as RHEL5 blocker, as otherwise this code might make it to the live
site.  Need some sort of resolution prior to that.
Comment 2 Máirín Duffy 2007-01-29 17:25:35 EST 
may be related to bug 223515
Comment 3 Jesus M. Rodriguez 2007-02-01 21:23:13 EST 
TEST PLAN
-----------
1) ping xmlrpc.rhn.webqa.redhat.com
2) edit /etc/hosts with the following:
   <ip address from above ping> xmlrpc.rhn.redhat.com

   While this seems silly, it goes through the "hosted" code path which 
   is important to test versus the one mentioned in step 2 of original comment

3) Continue with Step 1 & 3 from Original Comment.
Comment 4 Corey Welton 2007-02-08 11:12:01 EST 
QA Verified -- can no longer login using an arbitrary password.
Comment 5 Jay Turner 2007-02-12 15:24:50 EST 
Closing out.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.