Bug 225163 - Able to register to webqa with valid username/any password
Able to register to webqa with valid username/any password
Status: CLOSED CURRENTRELEASE
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend (Show other bugs)
RHN Devel
All Linux
high Severity high
: ---
: ---
Assigned To: Jesus M. Rodriguez
Corey Welton
:
Depends On:
Blocks: 166615
  Show dependency treegraph
 
Reported: 2007-01-29 11:11 EST by Jay Turner
Modified: 2015-01-07 19:15 EST (History)
3 users (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-12 15:24:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jay Turner 2007-01-29 11:11:07 EST
Description of problem:
With rhn-client-tools-0.4.8-1.el5.noarch going against webqa (as it sits at
11:00 on 29.1.2007) I'm able to register against webqa using a valid username
and any password I care to enter.

1) run rhn_register
2) at the Update Location screen, enter
"https://xmlrpc.rhn.webqa.redhat.com/XMLRPC" as the location and continue
3) enter a valid username and any password you like

Will work.

Really shouldn't work.
Comment 1 Jay Turner 2007-01-29 11:12:18 EST
Proposing as RHEL5 blocker, as otherwise this code might make it to the live
site.  Need some sort of resolution prior to that.
Comment 2 Máirín Duffy 2007-01-29 17:25:35 EST
may be related to bug 223515
Comment 3 Jesus M. Rodriguez 2007-02-01 21:23:13 EST
TEST PLAN
-----------
1) ping xmlrpc.rhn.webqa.redhat.com
2) edit /etc/hosts with the following:
   <ip address from above ping> xmlrpc.rhn.redhat.com

   While this seems silly, it goes through the "hosted" code path which 
   is important to test versus the one mentioned in step 2 of original comment

3) Continue with Step 1 & 3 from Original Comment.
Comment 4 Corey Welton 2007-02-08 11:12:01 EST
QA Verified -- can no longer login using an arbitrary password.
Comment 5 Jay Turner 2007-02-12 15:24:50 EST
Closing out.

Note You need to log in before you can comment on or make changes to this bug.