[Openstack-security] [Bug 1461433] Re: Automatically generated admin password is not complex enough
Launchpad Bug Tracker
1461433 at bugs.launchpad.net
Sun Aug 30 04:17:38 UTC 2015
[Expired for OpenStack Compute (nova) because there has been no activity
for 60 days.]
** Changed in: nova
Status: Incomplete => Expired
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1461433
Title:
Automatically generated admin password is not complex enough
Status in OpenStack Compute (nova):
Expired
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
When performing actions such as create instances, evacuate instances,
rebuild instances, rescue instances and update instances' admin
password. When the user dose not provide admin password,
generate_password() in utils.py is used to generate an admin password.
Generate_password() now uses two password symbol groups: default and
easier, the default symbol group contains numbers, upper case letters
and small case letters. the easier symbol group contains only numbers
and upper case letters. The generated password is not complex enough
and can cause security problems.
One possible solution is to add a new symbol group:
STRONGER_PASSWORD_SYMBOLS which contains numbers, upper case letters,
lower case letters and also special characters such as
`~!@#$%^&*()-_=+ and space. Then adding a new option in configuration
file: generate_strong_password = True, when this option is set, nova
will generate password using STRONGER_PASSWORD_SYMBOLS symbol group
and with longer password length. If this option is not set, the
password will be generated using the default symbol group and default
length.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1461433/+subscriptions
More information about the Openstack-security
mailing list