changing user's email from user list deletes user password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
High
|
Kuo-tung Kao (jelly) | ||
Kilo |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
OS: Ubuntu Server 14.04.2 LTS
Openstack: Kilo
Openstack-dashboard package: 1:2015.
robcresswell: Seems to also occur on master as of 2015-06-24
While logged as an admin user in Dashboard (horizon), if you try to change an email address from another user directly on users list , it will change the email address properly but will turn to NULL that user's password.
This behaviour doesn't seem to have effect while changing email address on "Edit" form.
Before changing email address:
> select * from user where name="demo";
+------
| id | name | extra | password | enabled | domain_id | default_project_id |
+------
| 651261afa8654ed
+------
After:
> select * from user where name="demo";
+------
| id | name | extra | password | enabled | domain_id | default_project_id |
+------
| 651261afa8654ed
+------
Due to security: No pass equals can't log in through dashboard also I tried logging in using a CLI without password and it doesn't seem to work. So, I guess it's not a security vulnerability.
Changed in horizon: | |
status: | New → Confirmed |
importance: | Undecided → High |
description: | updated |
Changed in horizon: | |
assignee: | nobody → jelly (coding1314) |
Changed in horizon: | |
status: | Confirmed → In Progress |
Changed in horizon: | |
milestone: | none → liberty-2 |
Changed in horizon: | |
status: | In Progress → Fix Committed |
Changed in horizon: | |
status: | Fix Committed → Fix Released |
Changed in horizon: | |
milestone: | liberty-2 → 8.0.0 |
reproducible in kilo