First Last Prev Next    This bug is not in your last search results.
Bug 456464 - xmlrpc api allows users to change password to include disallowed characters
xmlrpc api allows users to change password to include disallowed characters
Status: CLOSED CURRENTRELEASE
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend (Show other bugs)
rhn505
All Linux
low Severity low
: ---
: ---
Assigned To: Sebastian Skracic
Stephen Herr
us=38139
:
Depends On:
Blocks: 457802
  Show dependency treegraph
 
Reported: 2008-07-23 17:03 EDT by Stephen Herr
Modified: 2008-09-25 09:04 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-25 09:04:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Stephen Herr 2008-07-23 17:03:49 EDT 
Description of problem:
Using the user.setDetails xmlrpc api method users can change their password to
include the characters '<', '>', '\s', and '\"', which according the the user
page should be disallowed. 

Version-Release number of selected component (if applicable):
5.0.6

How reproducible:
Always

Steps to Reproduce:
1. Ask sherr to run the automated java api test for user.setDetails
2.
3.
  
Actual results:
details (including password) successfully update

Expected results:
Error stating password was invalid

Additional info:
Comment 1 Sebastian Skracic 2008-08-26 05:56:43 EDT 
Fixed in r118986 - user.setDetails now validates the password against the .xsd file, just like the Web frontend does.
Comment 4 Stephen Herr 2008-08-26 16:23:31 EDT 
fails qa, I can still change the password. It will throw an error over the password being too short but not the bad characters.
Comment 5 Stephen Herr 2008-08-28 16:23:58 EDT 
verified in dev
Comment 6 Stephen Herr 2008-09-05 16:37:04 EDT 
verified in qa
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.