Bug 486053 - poor password choice leads to password exposure
Summary: poor password choice leads to password exposure
Status: CLOSED DUPLICATE of bug 484303
Alias: None
Product: Fedora
Classification: Fedora
Component: redhat-config-users
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Nils Philippsen
Reported: 2009-02-18 01:50 UTC by Jason Haar
Modified: 2009-02-18 10:39 UTC (History)

Last Closed: 2009-02-18 10:39:04 UTC

Description Jason Haar 2009-02-18 01:50:12 UTC
Description of problem:

I was just doing a test install of FC11-alpha, and after installing it asks for the first account details. I set a poor-quality password (e.g. test4now) and it errored with:

You have chosen a poor password (test4now). Blah...


Version-Release number of selected component (if applicable):


How reproducible:

I'm not sure this is really redhat-system-config-users - it's the "first user creation app".

Steps to Reproduce:
1. create account
2. enter poor quality password
3. see error
  
Actual results:


Expected results:

I wouldn't expect to see the password! It's never good security practice to reflect the password back to the screen. What if someone else is watching? If you don't think that's an issue, why bother with the "*******" trick for normal logins - why not just show the password ;-)

This smells like some debugging code left on?


Additional info:

Comment 1 Nils Philippsen 2009-02-18 10:39:04 UTC

*** This bug has been marked as a duplicate of bug 484303 ***
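
The behaviour reported above next to a message that names the weakness without repeating the candidate, as an added example (not code from the Fedora first-user tool or system-config-users). The word list, the length threshold, the function names and the account name `jhaar` used when testing are constructed assumptions.

```python
# Added illustration; not the project's code. WEAK_WORDS and MIN_LENGTH
# are constructed stand-ins for a real password-quality library.
WEAK_WORDS = ("test", "password", "fedora", "welcome")
MIN_LENGTH = 10


def password_problems(candidate, username=""):
    """Return reasons the candidate is weak. Every reason is a fixed string,
    so nothing derived from the candidate reaches the screen or a log."""
    lowered = candidate.lower()
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("it is shorter than %d characters" % MIN_LENGTH)
    if username and username.lower() in lowered:
        problems.append("it contains the account name")
    if any(word in lowered for word in WEAK_WORDS):
        problems.append("it is based on a dictionary word")
    kinds = sum(any(kind(ch) for ch in candidate)
                for kind in (str.islower, str.isupper, str.isdigit))
    if kinds < 2:
        problems.append("it uses only one kind of character")
    return problems


def reflecting_message(candidate):
    """The behaviour described in the report: the candidate is echoed back."""
    return "You have chosen a poor password (%s)." % candidate


def safe_message(candidate, username=""):
    """Explain the rejection without repeating the candidate; None if accepted."""
    problems = password_problems(candidate, username)
    if not problems:
        return None
    return "You have chosen a poor password: %s." % "; ".join(problems)


def echoes_secret(text, secret):
    """Regression check for dialog strings and log lines: is the secret in text?"""
    return bool(secret) and secret.lower() in text.lower()
```

Running `echoes_secret` over every dialog string and log line produced during a test signup, with a unique canary password, catches this class of leak before release.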

