Red Hat Bugzilla – Bug 486053
poor password choice leads to password exposure
Last modified: 2009-02-18 05:39:04 EST
Description of problem:
I was just doing a test install of FC11-alpha, and after installing, it asks for the first account details. I set a poor quality password (e.g. test4now) and it errored with:
You have chosen a poor password (test4now). Blah...
Version-Release number of selected component (if applicable):
I'm not sure this is really redhat-system-config-users - it's the "first user creation app".
Steps to Reproduce:
1. create account
2. enter poor quality password
3. see error
I wouldn't expect to see the password! It's never good security practice to reflect the password back to the screen. What if someone else is watching? If you don't think that's an issue, why bother with the "*******" trick for normal logins - why not just show the password ;-)
This smells like some debugging code left on?
*** This bug has been marked as a duplicate of bug 484303 ***