using sudo with one wrong passwords emits 3 password fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Karla Felix |
Bug Description
Brief Description
An incorrect password with sudo immediately responds with "sudo: 3 incorrect password attempts".
Severity
Minor
Steps to Reproduce
Fail console login, or fail sudo prompt.
Expected Behavior
A wrong password should permit another attempt.
Actual Behavior
The console looked like the following, where the first password attempt is incorrect (mis-typed), and a second execution of the command immediately fails without password prompt.
[sysadmin@
Password:
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
[sysadmin@
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
There is a cool-down period, allowing subsequent attempts to pass with correct password. The cool down periods appears to be a matter of seconds.
Reproducibility
Yes
System Configuration
AIO Duplex load installed. No additional configuration is required to demonstrate. Was first observed on active controller-1 during upgrade after controller-0 was upgraded.
Load info
CentOS, stx7
Private stx7, after upgrade from 21.12. pulled around 2022/06/10
(context attached).
Last Pass
n/a
Timestamp/Logs
(attached)
Alarms
n/a
Test Activity
First observed during Upgrade testing.
Reproducible on first boot.
Workaround
Wait for cool-down period. Do not mistype password.
Changed in starlingx: | |
assignee: | nobody → Karla Felix (kkarolin) |
Changed in starlingx: | |
status: | New → In Progress |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.7.0 stx.security |
Reviewed: https:/ /review. opendev. org/c/starlingx /config- files/+ /846045 /opendev. org/starlingx/ config- files/commit/ e5a754b6b3d3488 e1a6cf7f22440a7 132d6680d5
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit e5a754b6b3d3488 e1a6cf7f22440a7 132d6680d5
Author: Karla Felix <email address hidden>
Date: Wed Jun 15 14:29:48 2022 -0300
sudo with one wrong passwd emits 3 password fails
Aligning passd-fails with debian to fix issue where one
wrong password emits 3 passwords fails.
Test Plan:
PASS: OS user attempt to login with wrong password 3 times.
PASS: OS user attempt to login with wrong password 3 times
on console.
PASS: ldap user attempt to login with wrong password on ssh.
PASS: ldap user attempt to login with wrong password on
console.
PASS: sudo ask passwords 3 times before blocking access.
Closes-bug: 1979095
Signed-off-by: Karla Felix <email address hidden> dea7d56a6605828 cb22829dd33
Change-Id: I5f49fb5b47eb77