Agreed with bug report and Jeremy, there doesn't seem to be anything directly exploitable here, we can make this public.
1 & 2 seem to be requests for security hardening similar to how keystone handles PCI-DSS features for user passwords. 3 might indeed be unintended behavior and should be investigated.
Agreed with bug report and Jeremy, there doesn't seem to be anything directly exploitable here, we can make this public.
1 & 2 seem to be requests for security hardening similar to how keystone handles PCI-DSS features for user passwords. 3 might indeed be unintended behavior and should be investigated.