StarlingX

using sudo with one wrong passwords emits 3 password fails

Bug #1979095 reported by Karla Felix
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Karla Felix

Bug Description

Brief Description

An incorrect password with sudo immediately responds with "sudo: 3 incorrect password attempts".

Severity

Minor

Steps to Reproduce

Fail console login, or fail sudo prompt.

Expected Behavior

A wrong password should permit another attempt.

Actual Behavior

The console looked like the following, where the first password attempt is incorrect (mis-typed), and a second execution of the command immediately fails without password prompt.

[sysadmin@controller-1 ~(keystone_admin)]$ sudo grep -rl "is a supported platform application" /var/log
Password:
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
[sysadmin@controller-1 ~(keystone_admin)]$ sudo grep -rl "is a supported platform application" /var/log
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

There is a cool-down period, allowing subsequent attempts to pass with correct password. The cool down periods appears to be a matter of seconds.

Reproducibility

Yes

System Configuration

AIO Duplex load installed. No additional configuration is required to demonstrate. Was first observed on active controller-1 during upgrade after controller-0 was upgraded.

Load info

CentOS, stx7
Private stx7, after upgrade from 21.12. pulled around 2022/06/10

(context attached).

Last Pass

n/a

Timestamp/Logs

(attached)

Alarms

n/a

Test Activity

First observed during Upgrade testing.
Reproducible on first boot.

Workaround

Wait for cool-down period. Do not mistype password.

Karla Felix (kkarolin)
Changed in starlingx:
assignee: nobody → Karla Felix (kkarolin)
OpenStack Infra (hudson-openstack)
Changed in starlingx:
status: New → In Progress
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.7.0 stx.security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config-files (master)

Reviewed: https://review.opendev.org/c/starlingx/config-files/+/846045
Committed: https://opendev.org/starlingx/config-files/commit/e5a754b6b3d3488e1a6cf7f22440a7132d6680d5
Submitter: "Zuul (22348)"
Branch: master

commit e5a754b6b3d3488e1a6cf7f22440a7132d6680d5
Author: Karla Felix <email address hidden>
Date: Wed Jun 15 14:29:48 2022 -0300

    sudo with one wrong passwd emits 3 password fails

    Aligning passd-fails with debian to fix issue where one
    wrong password emits 3 passwords fails.

    Test Plan:

    PASS: OS user attempt to login with wrong password 3 times.
    PASS: OS user attempt to login with wrong password 3 times
          on console.
    PASS: ldap user attempt to login with wrong password on ssh.
    PASS: ldap user attempt to login with wrong password on
          console.
    PASS: sudo ask passwords 3 times before blocking access.

    Closes-bug: 1979095

    Signed-off-by: Karla Felix <email address hidden>
    Change-Id: I5f49fb5b47eb77dea7d56a6605828cb22829dd33

Changed in starlingx:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.