Charm has default username/password

Bug #1529915 reported by José Antonio Rey on 2015-12-29
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openbook (Juju Charms Collection)
Critical
Michael Garza

Bug Description

This charm contains a default username/password as specified on the README.md file (openbook/Tall!g3nt). This is a serious security vulnerability that can affect users, and violates Charm Store policy. Please edit the charm in a way it does not have default credentials, and asks the user for a username/password instead. Thanks!

José Antonio Rey (jose) on 2015-12-29
Changed in openbook (Juju Charms Collection):
assignee: nobody → Michael Garza (miqe)
José Antonio Rey (jose) wrote :

Hello!

I just wanted to give you a heads up that this charm is violating policy, found at https://jujucharms.com/docs/stable/authors-charm-policy:

 * Must not run any network services using default passwords.

Please, address this issue as soon as possible, as it may be considered a security vulnerability in the charm, affecting users.

Thanks in advance, and should you need any help, please don't hesitate to contact us at <email address hidden> or #juju on freenode (I'm jose in there).

Matt Bruzek (mbruzek) wrote :

Is it possible to fix the default password issue?

The Policy states: "Must not run any network services using default passwords."

https://jujucharms.com/docs/stable/authors-charm-policy

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers