need to reset user passwords (+UI)
Bug #1288750 reported by William Reade
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
juju-core | Fix Released | Medium | Tim Penhey |
Bug Description
When a subtly malicious admin creates a new user and gives them a .jenv to identify them, the admin could keep a copy and use it to impersonate that user in future; when a client first logs in it should be required to reset the password and record a fresh one before taking any action.
This will involve factoring out and reusing existing logic currently used by agents.
The reset-password functionality must also be exposed in the UI, so that a user can respond effectively if their password is compromised.
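
An added sketch of the first-login rule described above (not code from juju-core or from this bug report): an admin-issued password is accepted only for the reset action, and the reset replaces it with a freshly generated secret so that a retained copy stops working. `User`, `NewUser`, `Do`, `ResetPassword` and the action names are hypothetical, the sample password is constructed, and secret generation and recording are collapsed into one function for brevity.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

var ErrBadLogin = errors.New("invalid credentials")
var ErrMustReset = errors.New("password reset required before any other action")

type User struct {
	hash      [32]byte // plain SHA-256: adequate only for random secrets
	mustReset bool     // true while the admin has seen the password
}

// NewUser is the admin step (hypothetical API): the creator knows the password.
func NewUser(initial string) *User {
	return &User{hash: sha256.Sum256([]byte(initial)), mustReset: true}
}

// Do authenticates one request; only the reset is allowed while flagged.
func (u *User) Do(password, action string) error {
	h := sha256.Sum256([]byte(password))
	if subtle.ConstantTimeCompare(h[:], u.hash[:]) != 1 {
		return ErrBadLogin
	}
	if u.mustReset && action != "reset-password" {
		return ErrMustReset
	}
	return nil
}

// ResetPassword swaps the current secret for a freshly generated one.
func (u *User) ResetPassword(password string) (string, error) {
	if err := u.Do(password, "reset-password"); err != nil {
		return "", err
	}
	buf := make([]byte, 24)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	fresh := hex.EncodeToString(buf)
	u.hash, u.mustReset = sha256.Sum256([]byte(fresh)), false
	return fresh, nil
}

func main() { println(NewUser("issued").Do("issued", "deploy") == ErrMustReset) }
```
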
Changed in juju-core:
status: New → Triaged
importance: Undecided → High

Changed in juju-core:
importance: High → Medium

Changed in juju-core:
status: Triaged → In Progress
status: In Progress → Triaged

Changed in juju-core:
assignee: nobody → Tim Penhey (thumper)
status: Triaged → In Progress
milestone: none → 1.21-alpha2
tags: added: security

Changed in juju-core:
status: In Progress → Fix Committed

Changed in juju-core:
status: Fix Committed → Fix Released