horizon.log reveals admin_password when any user password is changed using admin account
Bug #2058294 reported by
Enzo Candotti
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Enzo Candotti |
Bug Description
Brief Description
The horizon logs reveals admin password during day to day operations like changing password for other users.
Severity
Major
Steps to Reproduce
Log in to Horizon GUI.
tail -f /var/log/
Try to change password for any user using admin accounting.
Expected Behavior
The admin password should also be encrypted.
Actual Behavior
horizon.log reveals admin_password when any user password is changed using admin account
Reproducibility
100% reproducible
Last Pass
Never tested before.
Alarms
No alarms.
Workaround
No workaround
tags: | added: stx.10.0 stx.gui |
Changed in starlingx: | |
importance: | Undecided → Medium |
assignee: | nobody → Enzo Candotti (ecandotti) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /gui/+/ 913606
Review: https:/