Description of problem:
If the password is too weak, firstboot prompts you that the password is too weak and exposes the password in plaintext in the error message.

Version-Release number of selected component (if applicable):
firstboot-1.105-1.fc11.i386 (this was in F11 Alpha)

How reproducible:
every time

Steps to Reproduce:
1. Install Fedora
2. Reboot
3. Click through firstboot screens
4. Create a user with a weak password
5. Be confronted with the password displayed in plaintext

Actual results:
Instead of just a warning, the password is exposed in plaintext.

Expected results:
Warning should occur sans the password.

I am checking 'security sensitive bug' since it is technically a security issue, even though this is still F11 Alpha, and thus unlikely to be a production security issue.
Quick update after talking with wwoods in #fedora-qa - this is system-config-users, which is called by firstboot, so I am changing the component.

Also the code appears to be in:
/usr/share/system-config-users/userGroupCheck.py

Line 154 has:
"The chosen password is too weak: %s. Do you want to use it anyway?"

The %s should be stripped out in my opinion. (Otherwise, why obfuscate password entry if displaying the password is acceptable?)
(In reply to comment #1)
> Also the code appears to be in:
> /usr/share/system-config-users/userGroupCheck.py
>
> Line 154 has:
> "The chosen password is too weak: %s. Do you want to use it anyway?"
>
> The %s should be stripped out in my opinion.

That code seems to be printing error messages from cracklib. Trying this on an already installed F10, I see errors like:

The chosen password is too weak: it does not contain enough DIFFERENT characters. Do you want to use it anyway?

or

The chosen password is too weak: it is too simplistic/systematic. Do you want to use it anyway?

with no plain text password. Do you have the exact error messages you got somewhere handy?
Yes, the error message is:

The chosen password is too weak: supersecretpassword Do you want to use it anyway?

where the plaintext password is the password entered for the user.
Probably related to cracklib python bindings overhaul:

http://koji.fedoraproject.org/koji/buildinfo?buildID=67931

* Tue Oct 28 2008 Nalin Dahyabhai <nalin-at-redhat.com> - 2.8.13-1
- update to 2.8.13, which overhauls the python bindings and revises
  FascistCheck()'s behavior:
  2.8.12 success: returns None, fail: returns error text, other: exceptions
  2.8.13 success: returns candidate, fail: throws ValueError, other: exceptions

Looking at the recent changes to the file in git, Nils is likely already familiar with the changes...

http://git.fedorahosted.org/git/system-config-users.git?p=system-config-users.git;a=commitdiff;h=f69dd9cf9d
http://git.fedorahosted.org/git/system-config-users.git?p=system-config-users.git;a=commitdiff;h=523d9f9c2c
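Added illustration of the contract change described in comment 4 (this is not the system-config-users code, and the two fascist_check_* functions are constructed stand-ins for the 2.8.12 and 2.8.13 python bindings, not the real cracklib module): a caller written against the 2.8.12 contract ("truthy result means failure, and the result is the reason text") will, under 2.8.13, display the accepted candidate itself in the "too weak: %s" message, and will let ValueError escape for a rejected one. The safe wrapper below accepts either contract and never places the candidate in the user-facing text.

```python
"""Constructed stand-ins for the two cracklib binding contracts quoted in the
bug (not the real cracklib module; the "too short" rule is just a placeholder
check so the example runs offline)."""

WEAK_MSG = "The chosen password is too weak: %s. Do you want to use it anyway?"


def fascist_check_2_8_12(candidate):
    # 2.8.12 contract: None on success, error text on failure.
    if len(candidate) < 8:
        return "it is too short"
    return None


def fascist_check_2_8_13(candidate):
    # 2.8.13 contract: the candidate itself on success, ValueError on failure.
    if len(candidate) < 8:
        raise ValueError("it is too short")
    return candidate


def weak_password_message_old_style(check, candidate):
    """Calling pattern written for the 2.8.12 contract (the shape of the
    message quoted in comment 1). Returns the dialog text, or None when the
    password is accepted. Under the 2.8.13 contract a *strong* password
    comes back as a truthy string, so it is echoed in plaintext."""
    result = check(candidate)
    if result:
        return WEAK_MSG % result
    return None


def old_style_raises(check, candidate):
    """True if the old-style caller lets an exception escape (2.8.13 + weak)."""
    try:
        weak_password_message_old_style(check, candidate)
    except ValueError:
        return True
    return False


def weak_password_message_safe(check, candidate):
    """Wrapper that handles both contracts. The only text that reaches the
    dialog is the checker's reason string; the candidate is never interpolated."""
    try:
        result = check(candidate)
    except ValueError as exc:
        reason = str(exc)                 # 2.8.13 failure
    else:
        if result is None or result == candidate:
            return None                   # accepted under either contract
        reason = str(result)              # 2.8.12 failure
    return WEAK_MSG % reason


if __name__ == "__main__":
    # Demonstrates the leak and the fix with a constructed sample password.
    print("old-style + 2.8.13:",
          weak_password_message_old_style(fascist_check_2_8_13, "supersecretpassword"))
    print("safe + 2.8.13:",
          weak_password_message_safe(fascist_check_2_8_13, "supersecretpassword"))
    print("safe + 2.8.13, weak:",
          weak_password_message_safe(fascist_check_2_8_13, "abc"))
```

The wrapper treats "result equals the candidate" as acceptance because that is the only success value 2.8.13 produces; a caller that simply tests truthiness cannot distinguish that from 2.8.12's reason text, which is exactly how the candidate ends up in the dialog.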
*** Bug 485175 has been marked as a duplicate of this bug. ***
(In reply to comment #4)
> Probably related to cracklib python bindings overhaul:
>
> http://koji.fedoraproject.org/koji/buildinfo?buildID=67931
>
> * Tue Oct 28 2008 Nalin Dahyabhai <nalin-at-redhat.com> - 2.8.13-1
> - update to 2.8.13, which overhauls the python bindings and revises
>   FascistCheck()'s behavior:
>   2.8.12 success: returns None, fail: returns error text, other: exceptions
>   2.8.13 success: returns candidate, fail: throws ValueError, other: exceptions

Not that I'm terribly happy with such a drastic change in behaviour between two minor versions...

Anyway, fixed upstream: 5087535127ed4baaaa376f3c93d97ccac6014771
Fixed in system-config-users-1.2.85-1.fc11.
*** Bug 486003 has been marked as a duplicate of this bug. ***
*** Bug 486053 has been marked as a duplicate of this bug. ***