Bug 486053 - poor password choice leads to password exposure
poor password choice leads to password exposure
Status: CLOSED DUPLICATE of bug 484303
Product: Fedora
Classification: Fedora
Component: redhat-config-users (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Nils Philippsen
Depends On:
  Show dependency treegraph
Reported: 2009-02-17 20:50 EST by Jason Haar
Modified: 2009-02-18 05:39 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-18 05:39:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jason Haar 2009-02-17 20:50:12 EST
Description of problem:

I was just doing a test install of FC11-alpha, and after installing it asks for the first account details. I set a poor quality password (eg test4now) and it errored with

You have chosen a poor password (test4now). Blah...

Version-Release number of selected component (if applicable):

How reproducible:

I'm not sure this is really redhat-system-config-users - it's the "first user creation app".

Steps to Reproduce:
1. create account
2. enter poor quality password
3. see error
Actual results:

Expected results:

I wouldn't expect to see the password! It's never good security practice to reflect the password back to the screen. What if someone else is watching? If you don't think that's an issue, why bother with the "*******" trick for normal logins - why not just show the password ;-)

This smells like some debugging code left on?

Additional info:
Comment 1 Nils Philippsen 2009-02-18 05:39:04 EST

*** This bug has been marked as a duplicate of bug 484303 ***

Note You need to log in before you can comment on or make changes to this bug.