yahoo-eng-team team mailing list archive
Message #33669
[Bug 1461433] Re: Automatically generated admin password is not complex enough
This is a class D type of bug ( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1461433
Title:
Automatically generated admin password is not complex enough
Status in OpenStack Compute (Nova):
New
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
When performing actions such as creating instances, evacuating instances,
rebuilding instances, rescuing instances and updating instances' admin
password, when the user does not provide an admin password,
generate_password() in utils.py is used to generate an admin password.
generate_password() now uses two password symbol groups: default and
easier. The default symbol group contains numbers, upper case letters
and small case letters. The easier symbol group contains only numbers
and upper case letters. The generated password is not complex enough
and can cause security problems.
One possible solution is to add a new symbol group,
STRONGER_PASSWORD_SYMBOLS, which contains numbers, upper case letters,
lower case letters and also special characters such as
`~!@#$%^&*()-_=+ and space. Then add a new option in the configuration
file: generate_strong_password = True. When this option is set, nova
will generate the password using the STRONGER_PASSWORD_SYMBOLS symbol group
and with a longer password length. If this option is not set, the
password will be generated using the default symbol group and default
length.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1461433/+subscriptions
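
An added example, not part of the original message and not nova's code: a symbol-group password generator in the shape the bug description proposes, with an entropy estimate to compare the easier, default and proposed stronger groups at different lengths. The exact character sets, the lengths 12 and 20, and the generate_admin_password() wrapper are assumptions made for illustration; only the group names and the generate_strong_password option name come from the report.

```python
import math
import secrets
import string

# Symbol groups as the report describes them. The exact character sets are
# assumptions for this example, not values copied from nova.
EASIER_PASSWORD_SYMBOLS = (string.digits, string.ascii_uppercase)
DEFAULT_PASSWORD_SYMBOLS = (string.digits, string.ascii_uppercase,
                            string.ascii_lowercase)
# Proposed group: adds the special characters listed in the report, plus space.
STRONGER_PASSWORD_SYMBOLS = DEFAULT_PASSWORD_SYMBOLS + ("`~!@#$%^&*()-_=+ ",)


def generate_password(length=12, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
    """Return a password with at least one character from every group."""
    if length < len(symbolgroups):
        raise ValueError("length is too short to cover every symbol group")
    rng = secrets.SystemRandom()  # OS CSPRNG, not the default Mersenne Twister
    # One character per group first, so each class is guaranteed to appear.
    chars = [rng.choice(group) for group in symbolgroups]
    alphabet = "".join(symbolgroups)
    chars += [rng.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)  # guaranteed characters must not sit at fixed positions
    return "".join(chars)


def entropy_bits(length, symbolgroups):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len("".join(symbolgroups)))


def generate_admin_password(generate_strong_password=False):
    """Hypothetical wrapper mirroring the proposed config option."""
    if generate_strong_password:
        # 20 is an assumed "longer" length; the report gives no number.
        return generate_password(20, STRONGER_PASSWORD_SYMBOLS)
    return generate_password(12, DEFAULT_PASSWORD_SYMBOLS)  # 12 is assumed


if __name__ == "__main__":
    for name, groups, n in (("easier", EASIER_PASSWORD_SYMBOLS, 12),
                            ("default", DEFAULT_PASSWORD_SYMBOLS, 12),
                            ("stronger", STRONGER_PASSWORD_SYMBOLS, 12),
                            ("stronger", STRONGER_PASSWORD_SYMBOLS, 20)):
        print(f"{name:8} len={n:2} <= {entropy_bits(n, groups):5.1f} bits")
```

With these assumed sets, one extra character from the default group adds more entropy than switching a 12-character password to the stronger group, so the length increase in the proposal carries most of the gain.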