Bug #12198
closed
The password field allows storing a password without any selected hash
Added by Alexis Mousset over 6 years ago.
Updated almost 6 years ago.
Category:
Web - Config management
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Description
When selectig "password + hash" in a password field, and not selecting any hash, everything seems to work fine but thez resulting password is not correct. We should not allow saving the directive without a selected hash algo.
- Target version changed from 4.1.11 to 4.1.12
- Target version changed from 4.1.12 to 4.1.13
- Target version changed from 4.1.13 to 411
- Target version changed from 411 to 4.1.13
- Target version changed from 4.1.13 to 4.1.14
- Severity set to Minor - inconvenience | misleading | easy workaround
- User visibility set to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 0 to 31
- Target version changed from 4.1.14 to 4.1.15
- Priority changed from 31 to 30
- Target version changed from 4.1.15 to 4.1.16
- Priority changed from 30 to 29
- Target version changed from 4.1.16 to 4.1.17
- Effort required set to Very Small
- Priority changed from 29 to 55
Either we should forbid the empty hash or use the first value by default. It should be triavial.
- Status changed from New to In progress
- Assignee set to Vincent MEMBRÉ
- Priority changed from 55 to 0
- Status changed from In progress to Pending technical review
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/2087
- Status changed from Pending technical review to Pending release
the fix is suboptimal: it accepted with an empty selected hash algorithm, but we don't know which one is selected (hint: it's likely to be md5)
- Status changed from Pending release to Released
Also available in: Atom
PDF