yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1520737] [NEW] User creation is allowed with empty password

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Karan Soni <karan.soni@xxxxxxxxxxxxxxxxxx>
Date: Sat, 28 Nov 2015 04:44:48 -0000
Reply-to: Bug 1520737 <1520737@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

While creating user using keystone command with password option, it does
not check if user entered any character for password or not.

steps:
$ keystone user-create --name testing --pass
New Password:
Repeat New Password:
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 47aa13b9c9354f42be3d92a882f39667 |
|   name   |             testing              |
| username |             testing              |
+----------+----------------------------------+

In 'New Password' press enter without typing any character and same for
'Repeat New Password'

then execute any command using the this user credentials and it will
prompt for password, but password is empty so you can not execute any
command.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1520737

Title:
  User creation is allowed with empty password

Status in OpenStack Identity (keystone):
  New

Bug description:
  While creating user using keystone command with password option, it
  does not check if user entered any character for password or not.

  steps:
  $ keystone user-create --name testing --pass
  New Password:
  Repeat New Password:
  +----------+----------------------------------+
  | Property |              Value               |
  +----------+----------------------------------+
  |  email   |                                  |
  | enabled  |               True               |
  |    id    | 47aa13b9c9354f42be3d92a882f39667 |
  |   name   |             testing              |
  | username |             testing              |
  +----------+----------------------------------+

  In 'New Password' press enter without typing any character and same
  for 'Repeat New Password'

  then execute any command using the this user credentials and it will
  prompt for password, but password is empty so you can not execute any
  command.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1520737/+subscriptions

Follow ups

[Bug 1520737] Re: User creation is allowed with empty password
From: Steve Martinelli, 2015-11-28