User creation is allowed with empty password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned |
Bug Description
While creating user using keystone command with password option, it does not check if user entered any character for password or not.
steps:
$ keystone user-create --name testing --pass
New Password:
Repeat New Password:
+------
| Property | Value |
+------
| email | |
| enabled | True |
| id | 47aa13b9c9354f4
| name | testing |
| username | testing |
+------
In 'New Password' press enter without typing any character and same for 'Repeat New Password'
then execute any command using the this user credentials and it will prompt for password, but password is empty so you can not execute any command.