Juju Charms Collection
openbook package

Charm has default username/password

Bug #1529915 reported by José Antonio Rey
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openbook (Juju Charms Collection)
Triaged
Critical
Michael Garza

Bug Description

This charm contains a default username/password as specified on the README.md file (openbook/Tall!g3nt). This is a serious security vulnerability that can affect users, and violates Charm Store policy. Please edit the charm in a way it does not have default credentials, and asks the user for a username/password instead. Thanks!

José Antonio Rey (jose)
Changed in openbook (Juju Charms Collection):
assignee: nobody → Michael Garza (miqe)
Revision history for this message
José Antonio Rey (jose) wrote :

Hello!

I just wanted to give you a heads up that this charm is violating policy, found at https://jujucharms.com/docs/stable/authors-charm-policy:

 * Must not run any network services using default passwords.

Please, address this issue as soon as possible, as it may be considered a security vulnerability in the charm, affecting users.

Thanks in advance, and should you need any help, please don't hesitate to contact us at <email address hidden> or #juju on freenode (I'm jose in there).

Revision history for this message
Matt Bruzek (mbruzek) wrote :

Is it possible to fix the default password issue?

The Policy states: "Must not run any network services using default passwords."

https://jujucharms.com/docs/stable/authors-charm-policy

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.