[jboss-jira] [JBoss JIRA] (AS7-5634) add-user scripts not checking password strength for management users
Maas van den Berg (JIRA)
jira-events at lists.jboss.org
Sat Nov 3 07:49:19 EDT 2012
[ https://issues.jboss.org/browse/AS7-5634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12731364#comment-12731364 ]
Maas van den Berg commented on AS7-5634:
----------------------------------------
Looks like a duplicate of AS7-5116
Password is checked for both types of users, but due to AS7-5116 the password check is skipped when the username is weak itself.
> add-user scripts not checking password strength for management users
> --------------------------------------------------------------------
>
> Key: AS7-5634
> URL: https://issues.jboss.org/browse/AS7-5634
> Project: Application Server 7
> Issue Type: Bug
> Components: Security
> Affects Versions: 7.2.0.CR1
> Reporter: Cheng Fang
> Assignee: Darran Lofthouse
>
> So there is passwd check for app users, like at least x characters long, with mixed letters, numbers, etc.
> Is the same strength check applied to management user? I would assume management user passwords have more stringent requirement, at least should be the same as app user. But I can create a management user using password that consists of all letters (more than 8 letters).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list